Jsmtty Posted September 6, 2007 ID:8074 Share Posted September 6, 2007 Hi,I've been browsing here for quite some time. I'm having a similar problem with popups. I would appreciate any help you can give ! Here is my HJT log and Panda Scan log:Logfile of HijackThis v1.99.1Scan saved at 11:34:51 PM, on 9/5/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Symantec\pcAnywhere\awhost32.exeC:\Program Files\NavNT\defwatch.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\NavNT\rtvscan.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exeC:\WINDOWS\system32\MsgSys.EXEC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\system32\hphmon05.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Program Files\NavNT\vptray.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\PROGRA~1\MAILFR~1\mantispm.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Logitech\SetPoint\KEM.exeC:\Program Files\Logitech\SetPoint\KHALMNPR.EXEC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Documents and Settings\All Users\Start Menu\Programs\Startup\YacsMon.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXEC:\Documents and Settings\All Users\Desktop\My Downloads\AVG\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybizR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybizO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dllO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeO4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exeO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exeO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\MAILFR~1\mantispm.exe" -quietO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exeO4 - Global Startup: Bluetooth Manager.lnk = ?O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exeO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO4 - Global Startup: YacsMon.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dllO9 - Extra button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exeO9 - Extra 'Tools' menuitem: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [iNTERNATIONAL] International*O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cabO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cabO16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installshield.com/install/iftwclix.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...ab?1129166305125O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat....cab?1177621409953O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocxO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = robyco.comO17 - HKLM\Software\..\Telephony: DomainName = robyco.comO17 - HKLM\System\CCS\Services\Tcpip\..\{53D0049E-F1EA-42EC-A153-8678F2D3A74A}: NameServer = 65.17.128.7,65.17.128.3O17 - HKLM\System\CCS\Services\Tcpip\..\{B2975A30-2DE3-41D0-90D1-BE186F844043}: NameServer = 65.17.128.7,65.17.128.3O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = robyco.comO20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dllO20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dllO20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exeO23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exeO23 - Service: WLANKEEPER - Intel Link to post Share on other sites More sharing options...
Jsmtty Posted September 6, 2007 Author ID:8084 Share Posted September 6, 2007 A little more info here...Hopefully this helps:We mistakenly downloaded a program called "Web Media Player" on Saturday 09/01/07. This is also when the problems began. I'm 99% sure that this is the root of the problem.Also wanted to share this... I see some very strange .log files in my C:\Windows folder that were all added/modified on 09/01/07. I'll paste a couple of examples here...just in case that helps.Here is part of a file called netfxocm.log:[08/11/04,17:07:29] ********************************************************************************[08/11/04,17:07:29] CUrtOcmSetup()[08/11/04,17:07:29] Installs NETFX component[08/11/04,17:07:29] OS Edition is Neither Embedded Nor Server. Initially not marked for installation.[08/11/04,17:07:29] OC_PREINITIALIZE - SubComponent: [08/11/04,17:07:29] OnPreInitialize(), charWidth = 3[08/11/04,17:07:29] OC_INIT_COMPONENT - SubComponent: (null)[08/11/04,17:07:29] InitializeComponent()[08/11/04,17:07:29] OC_QUERY_STATE - SubComponent: netfx[08/11/04,17:07:29] OnQueryState()[08/11/04,17:07:29] Called with OCSELSTATETYPE_ORIGINAL ... determining if we were installed previously.[08/11/04,17:07:29] OnQueryState(),Return Value is 0[08/11/04,17:07:29] OC_CALC_DISK_SPACE - SubComponent: netfx[08/11/04,17:07:29] OnCalculateDiskSpace(), adding = 1[08/11/04,17:07:29] SetVariableDirs()[08/11/04,17:07:29] OnCalculateDiskSpace(), adding size from section netfx_install[08/11/04,17:07:29] OC_WIZARD_CREATED - SubComponent: (null)[08/11/04,17:07:29] OnWizardCreated()[08/11/04,17:09:56] OC_QUERY_STATE - SubComponent: netfx[08/11/04,17:09:56] OnQueryState()[08/11/04,17:09:56] Called with OCSELSTATETYPE_CURRENT.[08/11/04,17:09:56] OnQueryState(),Return Value is 1[08/11/04,17:09:56] OC_CALC_DISK_SPACE - SubComponent: netfx[08/11/04,17:09:56] OnCalculateDiskSpace(), adding = 1[08/11/04,17:09:56] OnCalculateDiskSpace(), adding size from section netfx_install[08/11/04,17:11:22] NOTIFY_NDPINSTALL - SubComponent: netfx[08/11/04,17:11:22] OnNdpInstall(), subcomponent netfx with flag = 0[08/11/04,17:11:22] ...called by component TabletPC Component Setup[08/11/04,17:11:22] Dependent component telling us not to install ... they will not be installing on this machine.[08/11/04,17:11:22] NOTIFY_NDPINSTALL - SubComponent: netfx[08/11/04,17:11:22] OnNdpInstall(), subcomponent netfx with flag = 0[08/11/04,17:11:22] ...called by component eHome Component Setup[08/11/04,17:11:22] Dependent component telling us not to install ... they will not be installing on this machine.[08/11/04,17:11:23] OC_QUEUE_FILE_OPS - SubComponent: (null)[08/11/04,17:11:23] OnQueueFileOperations was not called, since subcomponent is unknown[08/11/04,17:11:23] OC_QUEUE_FILE_OPS - SubComponent: netfx[08/11/04,17:11:23] StateChanged() Original=1, Current=0[08/11/04,17:11:23] OnQueueFileOperations()[08/11/04,17:11:23] Netfx is not set to install[08/11/04,17:12:36] OC_QUERY_STATE - SubComponent: netfx[08/11/04,17:12:36] OnQueryState()[08/11/04,17:12:36] Called with OCSELSTATETYPE_FINAL ... will set subcomponent registry flag.[08/11/04,17:12:36] Netfx is not set to install[08/11/04,17:12:36] OnQueryState(),Return Value is 2[10/05/05,19:26:45] ********************************************************************************[10/05/05,19:26:45] CUrtOcmSetup()[10/05/05,19:26:45] Installs NETFX component[10/05/05,19:26:45] OS Edition is Neither Embedded Nor Server. Initially not marked for installation.[10/05/05,19:26:45] OC_PREINITIALIZE - SubComponent: [10/05/05,19:26:45] OnPreInitialize(), charWidth = 3[10/05/05,19:26:45] OC_INIT_COMPONENT - SubComponent: (null)[10/05/05,19:26:45] InitializeComponent()[10/05/05,19:26:45] OC_QUERY_STATE - SubComponent: netfx[10/05/05,19:26:45] OnQueryState()[10/05/05,19:26:45] Called with OCSELSTATETYPE_ORIGINAL ... determining if we were installed previously.[10/05/05,19:26:45] OnQueryState(),Return Value is 0[10/05/05,19:26:45] OC_CALC_DISK_SPACE - SubComponent: netfx[10/05/05,19:26:45] OnCalculateDiskSpace(), adding = 1[10/05/05,19:26:45] SetVariableDirs()[10/05/05,19:26:45] OnCalculateDiskSpace(), adding size from section netfx_install[10/05/05,19:26:45] OC_WIZARD_CREATED - SubComponent: (null)[10/05/05,19:26:45] OnWizardCreated()[10/05/05,19:26:45] OC_QUERY_STATE - SubComponent: netfx[10/05/05,19:26:45] OnQueryState()[10/05/05,19:26:45] Called with OCSELSTATETYPE_CURRENT.[10/05/05,19:26:45] OnQueryState(),Return Value is 1[10/05/05,19:26:45] OC_CALC_DISK_SPACE - SubComponent: netfx[10/05/05,19:26:45] OnCalculateDiskSpace(), adding = 1[10/05/05,19:26:45] OnCalculateDiskSpace(), adding size from section netfx_install[10/05/05,19:26:46] OC_QUEUE_FILE_OPS - SubComponent: (null)[10/05/05,19:26:46] OnQueueFileOperations was not called, since subcomponent is unknown[10/05/05,19:26:46] OC_QUEUE_FILE_OPS - SubComponent: netfx[10/05/05,19:26:46] StateChanged() Original=1, Current=0[10/05/05,19:26:46] OnQueueFileOperations()[10/05/05,19:26:46] Netfx is not set to install[10/05/05,19:26:47] OC_QUERY_STATE - SubComponent: netfx[10/05/05,19:26:47] OnQueryState()[10/05/05,19:26:47] Called with OCSELSTATETYPE_FINAL ... will set subcomponent registry flag.[10/05/05,19:26:47] Netfx is not set to install[10/05/05,19:26:47] OnQueryState(),Return Value is 2[10/12/05,20:22:44] ********************************************************************************[10/12/05,20:22:44] CUrtOcmSetup()[10/12/05,20:22:44] Installs NETFX component[10/12/05,20:22:44] OS Edition is Neither Embedded Nor Server. Initially not marked for installation.[10/12/05,20:22:44] OC_PREINITIALIZE - SubComponent: [10/12/05,20:22:44] OnPreInitialize(), charWidth = 3[10/12/05,20:22:44] OC_INIT_COMPONENT - SubComponent: (null)[10/12/05,20:22:44] InitializeComponent()[10/12/05,20:22:44] OC_QUERY_STATE - SubComponent: netfx[10/12/05,20:22:44] OnQueryState()[10/12/05,20:22:44] Called with OCSELSTATETYPE_ORIGINAL ... determining if we were installed previously.[10/12/05,20:22:44] OnQueryState(),Return Value is 0[10/12/05,20:22:44] OC_CALC_DISK_SPACE - SubComponent: netfx[10/12/05,20:22:44] OnCalculateDiskSpace(), adding = 1[10/12/05,20:22:44] SetVariableDirs()[10/12/05,20:22:44] OnCalculateDiskSpace(), adding size from section netfx_install[10/12/05,20:22:45] OC_CLEANUP - SubComponent: (null)[10/12/05,20:22:45] OnCleanup()[10/12/05,20:22:52] ********************************************************************************[10/12/05,20:22:52] CUrtOcmSetup()[10/12/05,20:22:52] Installs NETFX component[10/12/05,20:22:52] OS Edition is Neither Embedded Nor Server. Initially not marked for installation.[10/12/05,20:22:52] OC_PREINITIALIZE - SubComponent: [10/12/05,20:22:52] OnPreInitialize(), charWidth = 3[10/12/05,20:22:52] OC_INIT_COMPONENT - SubComponent: (null)[10/12/05,20:22:52] InitializeComponent()[10/12/05,20:22:52] OC_QUERY_STATE - SubComponent: netfx[10/12/05,20:22:52] OnQueryState()[10/12/05,20:22:52] Called with OCSELSTATETYPE_ORIGINAL ... determining if we were installed previously.[10/12/05,20:22:52] OnQueryState(),Return Value is 0[10/12/05,20:22:52] OC_CALC_DISK_SPACE - SubComponent: netfx[10/12/05,20:22:52] OnCalculateDiskSpace(), adding = 1[10/12/05,20:22:52] SetVariableDirs()[10/12/05,20:22:52] OnCalculateDiskSpace(), adding size from section netfx_install[10/12/05,20:22:53] OC_CLEANUP - SubComponent: (null)[10/12/05,20:22:53] OnCleanup()[10/12/05,20:39:29] _________________________________________________________________________________________________________Here is part of a file called msgsocm.log:Initialize setup: MSGROCM.DLL 08/11/04 17:07:28[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x0 0x0 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_WIZARD_CREATED] - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_QUERY_CHANGE_SEL_STATE] - complete[msmsgs - OC_CALC_DISK_SPACE] - complete[msmsgs - OC_QUEUE_FILE_OPS] - complete[msmsgs - OC_QUEUE_FILE_OPS] - complete[msmsgs - OC_QUERY_STEP_COUNT] - complete[msmsgs - OC_QUERY_STEP_COUNT] - complete[msmsgs - OC_ABOUT_TO_COMMIT_QUEUE] - complete[msmsgs - OC_ABOUT_TO_COMMIT_QUEUE] - complete[msmsgs - OC_COMPLETE_INSTALLATION] - complete[msmsgs - OC_COMPLETE_INSTALLATION] - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - completeInitialize setup: MSGROCM.DLL 10/05/05 19:26:44[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x40007 0xbb8 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_WIZARD_CREATED] - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_QUERY_CHANGE_SEL_STATE] - complete[msmsgs - OC_CALC_DISK_SPACE] - complete[msmsgs - OC_QUEUE_FILE_OPS] - complete[msmsgs - OC_QUEUE_FILE_OPS] - complete[msmsgs - OC_QUERY_STEP_COUNT] - complete[msmsgs - OC_QUERY_STEP_COUNT] - complete[msmsgs - OC_ABOUT_TO_COMMIT_QUEUE] - complete[msmsgs - OC_ABOUT_TO_COMMIT_QUEUE] - complete[msmsgs - OC_COMPLETE_INSTALLATION] - complete[msmsgs - OC_COMPLETE_INSTALLATION] - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - completeInitialize setup: MSGROCM.DLL 10/12/05 20:22:42[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x40007 0xbb9 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - completeInitialize setup: MSGROCM.DLL 10/12/05 20:22:52[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x40007 0xbb9 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - completeInitialize setup: MSGROCM.DLL 10/12/05 20:39:28[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x40007 0xbb9 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - completeInitialize setup: MSGROCM.DLL 10/12/05 20:39:35[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x40007 0xbb9 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - completeInitialize setup: MSGROCM.DLL 10/12/05 20:39:39[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x40007 0xbb9 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - completeInitialize setup: MSGROCM.DLL 10/12/05 20:39:44[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x40007 0xbb9 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - completeInitialize setup: MSGROCM.DLL 10/12/05 20:39:49[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x40007 0xbb9 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - completeInitialize setup: MSGROCM.DLL 10/12/05 20:39:54[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x40007 0xbb9 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - completeInitialize setup: MSGROCM.DLL 10/12/05 20:39:59[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x40007 0xbb9 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - completeInitialize setup: MSGROCM.DLL 10/12/05 20:40:04[msmsgs - OC_PREINITIALIZE] - complete[msmsgs - OC_INIT_COMPONENT] [HigherVersionInstalled] : InstalledVersion: 0x40007 0xbb9 VersionOnCD: 0x40007 0xbb8 - complete[msmsgs - OC_QUERY_STATE] - complete[msmsgs - OC_CLEANUP] - complete Link to post Share on other sites More sharing options...
JeanInMontana Posted September 6, 2007 ID:8092 Share Posted September 6, 2007 Hi and welcome to Malwarebytes. Did you uninstall the program? Please do so if you haven't. Panda flags it as undesireable. Print or Copy these instructions to notepad and save to your Desktoop as you will be offline with all browsers closed for this fix. Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe * Double-click SmitfraudFix.exe * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt Clean: * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) * Double-click SmitfraudFix.exe * Select 2 and hit Enter to delete infect files. * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file. * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt * Optional: o To restore Trusted and Restricted site zone, select 3 and hit Enter. o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm You need to get this program please http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe and post a log from it. Make sure you install it to a folder of it's own on C:\ post the SmitFraud fix log and a log from this HJT in your next post please. Link to post Share on other sites More sharing options...
Jsmtty Posted September 6, 2007 Author ID:8095 Share Posted September 6, 2007 Hi and thanks for your response. I'm still getting the popups - but here's what I did:First, I deleted the C:\WINDOWS\Temp\NSIS_Install_WMP.exe[WebMediaPlayer.exe file from my machine.Here is the 1st SmitFraudFix Report run before rebooting in Safe Mode:SmitFraudFix v2.221Scan done at 18:09:05.26, Thu 09/06/2007Run from C:\SmitFraudFix\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in normal mode Link to post Share on other sites More sharing options...
Jsmtty Posted September 6, 2007 Author ID:8096 Share Posted September 6, 2007 Also, FWIW...I just "KNOW" the exact time and place this problem began... And when I look in my C:\Windows folder, the following .log files are preset at that exact time on that exact date. I'll attach a picture in .pdf.Thanks Again!!C_Windows_1.pdfC_Windows_1.pdf Link to post Share on other sites More sharing options...
JeanInMontana Posted September 7, 2007 ID:8110 Share Posted September 7, 2007 Did you install the media player? If so you need to uninstall it via add/remove programs. Deleting the file isn't the same.The instructions for SmitFraud are to boot into safe mode then run it. The instructions for these fixes need to be done just how they say. No variations.Download ComboFix from one of the links below:http://www.techsupportforum.com/sectools/sUBs/ComboFix.exehttp://download.bleepingcomputer.com/sUBs/ComboFix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it shall produce a log for you. Post that log in your next reply.Note:Do not mouseclick combofix's window while it's running. That may cause it to stallComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done you can delete this folder - QooBox.We will see what this shows us. You can scan any of those files you attached here also http://www.virustotal.com/. Link to post Share on other sites More sharing options...
Jsmtty Posted September 7, 2007 Author ID:8113 Share Posted September 7, 2007 The media player was previously uninstalled via add/remove programs. Combo Fix has been loaded and run. After a reboot, QooBox has been deleted.No PopUps Yet !!! Still holding my breath. I'll respond again later with an update. Thanks for helping me.Here is the Combofix Log:ComboFix 07-08-30.3 - "JeffS" 2007-09-07 4:40:35.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.517 [GMT -4:00] * Created a new restore point((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))C:\WINDOWS\system32\nvs2.infC:\WINDOWS\system32\ujagcjrfuc.datC:\WINDOWS\system32\ujagcjrfuc.exeC:\WINDOWS\system32\ujagcjrfuc_nav.datC:\WINDOWS\system32\ujagcjrfuc_navps.dat((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))2007-09-07 04:38 51,200 --a------ C:\WINDOWS\nircmd.exe2007-09-06 18:09 4,534 --a------ C:\WINDOWS\system32\tmp.reg2007-09-06 18:07 <DIR> d-------- C:\SmitFraudFix2007-09-06 16:56 <DIR> d-------- C:\HiJackThis2007-09-06 00:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys2007-09-06 00:20 <DIR> d-------- C:\Program Files\Trend Micro2007-09-05 18:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan2007-09-04 15:08 <DIR> d-------- C:\Program Files\Lavasoft2007-09-04 15:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft2007-09-04 15:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard2007-09-04 14:39 <DIR> d-------- C:\Program Files\SpywareBlaster2007-09-01 12:00 <DIR> d-------- C:\DOCUME~1\JeffS\APPLIC~1\TVU Networks2007-08-14 11:59 <DIR> d-------- C:\Program Files\BlueTooth2007-08-14 11:55 <DIR> d-------- C:\Program Files\Toshiba2007-08-14 11:48 86,867 -ra------ C:\WINDOWS\system32\drivers\BCOREUSB.sys2007-08-12 20:30 <DIR> d-------- C:\Program Files\iTunes2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))2007-09-06 14:29 --------- d-------- C:\Program Files\Mozilla Thunderbird2007-09-06 14:28 --------- d-------- C:\Program Files\321Studios2007-09-06 14:26 --------- d-------- C:\Program Files\MUSICMATCH2007-09-06 14:24 --------- d-------- C:\Program Files\Common Files\Real2007-09-05 23:08 --------- d-------- C:\Program Files\Windows Defender2007-09-05 23:06 --------- d-------- C:\Program Files\NavNT2007-09-05 23:02 --------- d-------- C:\Program Files\MailFrontier2007-09-05 23:00 --------- d-------- C:\Program Files\Google2007-09-05 23:00 --------- d-------- C:\Program Files\Digital Line Detect2007-09-05 23:00 --------- d-------- C:\Program Files\DellSupport2007-09-05 22:54 --------- d-------- C:\Program Files\Apoint2007-09-05 14:08 73 --a------ C:\WINDOWS\system32\ssprs.dll2007-09-05 13:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint2007-08-26 21:15 100 --a------ C:\WINDOWS\system32\prsgrc.dll2007-08-26 15:36 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\SopCast2007-08-26 15:34 --------- d-------- C:\Program Files\SopCast2007-08-12 20:30 --------- d-------- C:\Program Files\iPod2007-08-12 20:28 --------- d-------- C:\Program Files\Apple Software Update2007-08-05 18:02 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\Purple Ghost Software, Inc2007-08-05 18:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Purple Ghost Software, Inc2007-08-05 18:01 --------- d-------- C:\Program Files\Purple Ghost2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll2007-07-17 16:51 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\DDMS2007-07-16 12:12 --------- d--h----- C:\Program Files\InstallShield Installation Information2007-07-16 12:12 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\InstallShield2007-07-16 12:10 --------- d-------- C:\Program Files\DDMS2007-07-13 12:19 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\AdobeUM2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll2007-07-12 16:30 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\Apple Computer2007-07-12 10:18 --------- d-------- C:\Program Files\Common Files\Apple2007-07-12 10:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple2007-07-12 10:13 --------- d-------- C:\Program Files\QuickTime2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll2007-06-27 10:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll2007-06-27 10:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll2007-06-27 10:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll2007-06-27 10:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe2007-06-27 04:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe2007-06-27 03:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll2007-06-15 17:08 126 --a------ C:\WINDOWS\gzcdweb.bat2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 22:00]"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 12:26]"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 00:55]"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 00:55]"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-08 00:55]"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 C:\WINDOWS\KHALMNPR.Exe]"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 08:59]"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 17:50]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]"Matador"="C:\PROGRA~1\MAILFR~1\mantispm.exe" [2006-01-20 11:44]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09][HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]"RunNarrator"=Narrator.exe[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2002-02-15 10:51 24638 C:\WINDOWS\system32\PCANotify.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]"C:\Program Files\Dell\Media Experience\PCMService.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERR3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44c29030-4fec-11dc-8fa0-0010c69d1c00}]AutoRun\command- E:\setupSNK.exe*Newly Created Service* - CATCHMEContents of the 'Scheduled Tasks' folder2007-09-06 03:56:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe2007-08-06 04:13:28 C:\WINDOWS\Tasks\cleanmgr.job - C:\WINDOWS\system32\cleanmgr.exe2007-06-05 13:10:25 C:\WINDOWS\Tasks\Defrag.job - C:\WINDOWS\system32\dfrg.msc2007-09-07 05:40:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe2007-09-07 06:34:12 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE**************************************************************************catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2007-09-07 04:44:16Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden autostart entries ...scanning hidden files ...scan completed successfullyhidden files: 0**************************************************************************Completion time: 2007-09-07 4:46:11C:\ComboFix-quarantined-files.txt ... 2007-09-07 04:45 --- E O F --- Link to post Share on other sites More sharing options...
JeanInMontana Posted September 7, 2007 ID:8116 Share Posted September 7, 2007 Several files were deleted all with malware type names. I'm guessing you got a new variant of Zlob from the media player and that is why SmitFraud didn't get it. Or it could have been doing the fix wrong. If this works great. I'm not seeing a firewall. If your just using the one with SP2 it's not enough.Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy, actually in your case get it, and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.SpywareBlaster from Javacool SoftwareWinPatrol by BillPStudios SiteHound by FireTrustRogueRemoverhpHostsFor an excellent list of reliable free firewalls and antivirus programs see here. You should post a final HJT log for any clean up left. Link to post Share on other sites More sharing options...
Jsmtty Posted September 8, 2007 Author ID:8130 Share Posted September 8, 2007 Great Advice ! I'll do exactly as you suggested. And...Still no Popups here.Here is my HJT Log... Please let me know if you see anything else.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:19:44 AM, on 9/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Apoint\Apoint.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeC:\WINDOWS\system32\hphmon05.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\NavNT\vptray.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\MAILFR~1\mantispm.exeC:\Program Files\Symantec\pcAnywhere\awhost32.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\NavNT\defwatch.exeC:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\NavNT\rtvscan.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Logitech\SetPoint\KEM.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Documents and Settings\All Users\Start Menu\Programs\Startup\YacsMon.exeC:\Program Files\Logitech\SetPoint\KHALMNPR.EXEC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\WINDOWS\system32\MsgSys.EXEC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybizO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dllO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeO4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exeO4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exeO4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exeO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startupO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"O4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\MAILFR~1\mantispm.exe" -quietO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exeO4 - Global Startup: Bluetooth Manager.lnk = ?O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exeO4 - Global Startup: YacsMon.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dllO9 - Extra button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exeO9 - Extra 'Tools' menuitem: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cabO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cabO16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installshield.com/install/iftwclix.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129166305125O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177621409953O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocxO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = robyco.comO17 - HKLM\Software\..\Telephony: DomainName = robyco.comO17 - HKLM\System\CCS\Services\Tcpip\..\{53D0049E-F1EA-42EC-A153-8678F2D3A74A}: NameServer = 65.17.128.7,65.17.128.3O17 - HKLM\System\CCS\Services\Tcpip\..\{B2975A30-2DE3-41D0-90D1-BE186F844043}: NameServer = 65.17.128.7,65.17.128.3O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = robyco.comO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exeO23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exeO23 - Service: WLANKEEPER - Intel Link to post Share on other sites More sharing options...
JeanInMontana Posted September 8, 2007 ID:8131 Share Posted September 8, 2007 Hello again.You can put a check next to this in HJT and click fix. It is just cleanup not malware.O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)Sybot S&D TeaTimer is a great tool but if you are not familiar with your system and registry savvy it can be very confusing and annoying. I don't know what your level of experience is but if your having trouble with it you can turn it off and use the rest of the features of this great program. I hope you got the 1.5 version, it just occurred to , me I haven't updated my canned speech. The new version just came out last week. Be sure you have it.Your running wireless you really need a good firewall, one that tracks outgoing traffic and monitors programs etc. This is something that is worth paying for to get a good one. There are good free ones it just depends on the features your looking for.Keep your Windows updates current and Java Runtime you should be good to go. Don't trust anything telling you to install. lol Link to post Share on other sites More sharing options...
Jsmtty Posted September 10, 2007 Author ID:8141 Share Posted September 10, 2007 Hi Again,I downloaded and installed Spybot S&D on Friday. I'm comfortable enough with it, I think. I've done some minor registry editing on many of our machines at work and haven't destroyed anything yet ! But I see what you mean...I set of alarms and sirens by just changing my screensaver ! This thing is thorough.Windows is set to update automatically and I'll keep an eye on Java. I've downloaded a version of ZoneAlarm Firewall that I'll try this week.Thanks for your help through this! Your time and advice is much appreciated. Link to post Share on other sites More sharing options...
JeanInMontana Posted September 11, 2007 ID:8165 Share Posted September 11, 2007 Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.SpywareBlaster from Javacool SoftwareWinPatrol by BillPStudios SiteHound by FireTrustRogueRemoverhpHostsFor an excellent list of reliable free firewalls and antivirus programs see here I'm happy to have helped you and should you ever need it again we are here. I will close this thread since the issue is resolved.The instructions in this topic are for this system only. Applying them to your system can cause major damage. Link to post Share on other sites More sharing options...
Recommended Posts