CommonName Pain

Hello,

I had several spyware problems last week and eliminated (I think) most of them. However, my browser is still getting hijaked periodically, and I'm getting popups on startup.

Have run Adaware and SpyBot, which keeps finding and eliminating "CommonName." So I guess that's the ticket. After running both these programs, here is my HijakThis log. Any help would me much appreciated.

========================

Logfile of HijackThis v1.97.7
Scan saved at 11:17:34 PM, on 5/23/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\INTERNET KEYWORD\INETMGR.EXE
C:\WINDOWS\SYSTEM\HPDLLHOST.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\GURUNET\GURUNET.EXE
C:\PROGRAM FILES\INTERNET KEYWORD\INETSVC.EXE
C:\PROGRAM FILES\COMMON FILES\ATOMICA SHARED\AGTSERV.EXE
C:\PROGRAM FILES\COMMON FILES\ATOMICA SHARED\agtexe16.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\SECURITY\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.armx
O2 - BHO: Atomica BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\PROGRAM FILES\COMMON FILES\ATOMICA SHARED\AGTBHO.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRAM FILES\INTERNET KEYWORD\INETKW.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\INETMGR.EXE
O4 - HKLM\..\Run: [000hpdllhost] C:\WINDOWS\SYSTEM\hpdllhost.exe
O4 - HKLM\..\Run: [readdb40] rundll32.exe C:\WINDOWS\SYSTEM\READDB40.DLL,EnableRunDLL32
O4 - HKLM\..\Run: [nssysconf] C:\WINDOWS\SYSTEM\subieos.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: GuruNet.lnk = C:\Program Files\GuruNet\GuruNet.exe
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} - http://ftp.gurunet.com/pub/cabs/GNInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38107.972025463
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://billing-a.mhi.aol.com/netagent/objects/custappx2.CAB

 

Hello farley,

Before you start, please move HijackThis to a separate folder of its own. The program will make backups to the folder it's in. These easily get lost in a folder with other programs.

Please closedown all the browser windows, window instances and have hijacthis fix the following entries.

O4 - HKLM\..\Run: [000hpdllhost] C:\WINDOWS\SYSTEM\hpdllhost.exe
O4 - HKLM\..\Run: [readdb40] rundll32.exe C:\WINDOWS\SYSTEM\READDB40.DLL,EnableRunDLL32
O4 - HKLM\..\Run: [nssysconf] C:\WINDOWS\SYSTEM\subieos.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

The entries in Navy color is optional to remove but recommended because it's a mjor resource hog.

Reboot your machine and boot into safe mode by tapping F8 key(8-9 times) at bootup.

This may happen that file is hidden so first unhide the files using following instructions...
http://service1.symantec.com/SUPPOR...Virus Corporate Edition&ver=8.x&osv=&osv_lvl=

Search and If present, delete the following file..

C:\WINDOWS\SYSTEM\subieos.exe
C:\WINDOWS\SYSTEM\READDB40.DLL
C:\WINDOWS\SYSTEM\hpdllhost.exe

Reboot your machine and boot into normal mode.

Rescan your machine with hijackthis and please post a fresh log..

With Thanks !
Newkid !

 

Hey thanks, New Kid,

I did as you said, and here's the log. Btw, only found C:\WINDOWS\SYSTEM\hpdllhost.exe

===================

Logfile of HijackThis v1.97.7
Scan saved at 1:47:02 AM, on 5/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\INTERNET KEYWORD\INETMGR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\GURUNET\GURUNET.EXE
C:\PROGRAM FILES\INTERNET KEYWORD\INETSVC.EXE
C:\PROGRAM FILES\COMMON FILES\ATOMICA SHARED\AGTSERV.EXE
C:\PROGRAM FILES\COMMON FILES\ATOMICA SHARED\agtexe16.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\SECURITY\HIJAKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.armx
O2 - BHO: Atomica BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\PROGRAM FILES\COMMON FILES\ATOMICA SHARED\AGTBHO.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRAM FILES\INTERNET KEYWORD\INETKW.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\INETMGR.EXE
O4 - HKLM\..\Run: [nssysconf] C:\WINDOWS\SYSTEM\subieos.exe
O4 - HKLM\..\Run: [000hpdllhost] C:\WINDOWS\SYSTEM\hpdllhost.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: GuruNet.lnk = C:\Program Files\GuruNet\GuruNet.exe
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} - http://ftp.gurunet.com/pub/cabs/GNInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38107.972025463
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://billing-a.mhi.aol.com/netagent/objects/custappx2.CAB

=============

cheers...

 

Hello Farley,

Sorry, I forgot to mentioned to fix the LOP infection entries.

Please closedown all the browser windows, window instances and have hijacthis fix the following entries.

O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRAM FILES\INTERNET KEYWORD\INETKW.DLL

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [nssysconf] C:\WINDOWS\SYSTEM\subieos.exe
O4 - HKLM\..\Run: [000hpdllhost] C:\WINDOWS\SYSTEM\hpdllhost.exe
The entries in Navy color is optional to remove. It's typically infrequently used tasks that can be started manually if necessary..

Atlast, I'm not sure what these are whatsoever

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\INETMGR.EXE

Reboot your machine and boot into safe mode by tapping F8 key(8-9 times) at bootup.

This may happen that file is hidden so first unhide the files using following instructions...

http://service1.symantec.com/SUPPOR...Virus Corporate Edition&ver=8.x&osv=&osv_lvl=

Search and If present, delete the following file..

C:\WINDOWS\SYSTEM\subieos.exe
C:\WINDOWS\SYSTEM\hpdllhost.exe
C:\PROGRA~1\INTERNET KEYWORD\ <- Delete complete folder

Still in safe mode, I recommend you to please scan your machine online at http://housecall.trendmicro.com/. Don't foget to check the 'Autoclean' checkbox there.

Reboot your machine and boot into normal mode.

Rescan your machine with hijackthis and please post a fresh log..

With Thanks !
Newkid !

 

Hello again,

Sorry for the delay, but I haven't been able to get back to this until now.

I got online a couple of hours ago and did a couple of things before checking back on this site. I definitely still had a spyware. It is throwing up popups and making everything slow down. Did a spybot scan, which again found CommonName. Grrrr.

I then came back here and did everything you said. I didn't delete this file, though, as you said you weren't sure what it was:
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\INETMGR.EXE

I then went to http://housecall.trendmicro.com/ and did their scan. I told me I had a virus (Troj_vivia.a) that was uncleanable. I did "delete" it though, but don't know if that did anything. I also went to the directions on their site to delete "troj_viva" but wasn't about to find the files in regedit that they said would be there (I probably shouldn't be messing around in regedit anyway).

One thing. I wasn't about to do this scan in safe mode as you suggested because I couldn't get online in safe mode.

Finally, I rebooted and did another spybot (found nothing) scan and then an adaware (found a bunch of crap, which I deleted) scan. Then did a hijackThis scan. Here is the log.

======================================
Logfile of HijackThis v1.97.7
Scan saved at 10:48:32 PM, on 5/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\GURUNET\GURUNET.EXE
C:\PROGRAM FILES\COMMON FILES\ATOMICA SHARED\AGTSERV.EXE
C:\PROGRAM FILES\COMMON FILES\ATOMICA SHARED\agtexe16.exe
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\SECURITY\HIJAKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.armx
O2 - BHO: Atomica BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\PROGRAM FILES\COMMON FILES\ATOMICA SHARED\AGTBHO.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\INETMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: GuruNet.lnk = C:\Program Files\GuruNet\GuruNet.exe
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} - http://ftp.gurunet.com/pub/cabs/GNInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38107.972025463
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://billing-a.mhi.aol.com/netagent/objects/custappx2.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

===========================

So appreciate your help.

 

Hello Farley,

Your new logs looks clean to me. Is everything back to normal ?

Now, We recommend you to have a look on the following Link :

how did I get infected in the first place?.

With thanks !
Newkid !

 

Hey New Kid,

I probably won't know if everything is back to normal until I reboot tomorrow. Going to bed right now though.

I went to the website you recommended and followed (or will follow tomorrow -- yawn) the directions.

Thanks again for you help.

And I have only one more question. Were you really born in 1989? If so, would you please lie to me. You're making me feel old.

Cheers,

Farley

 

Hello Farley,

Will you please confirm whether your issue sorted out or not ? If your issue is sorted out then i'll request admin to close this thread.

Sorry to say, but it's True...

With Thanks !
Newkid !