Why are you running around the web, posting links to my program?

When the program in question is a specialized tool and not designed for what you are posting.

Stop spamming my tool all over the...

Well, thanks 'Stein.

I should add to my previous post that Netscape 8 may also be vulnerable. Since Netscape 8 is built from the Firefox 1.x source tree, therefore it stands to reason that...

This is sensational journalism at it finest.

Firefox is not the only browser vulnerable to this type of exploit. IE7 and Safari are also vulnerable. This is probably the first, in my memory,...

There are no signs of the infections that cause those pop-ups. They would show in HijackThis and GetRunKeys.

You may want to run the Windows Genuine Advatange tool. That will tell you if your...

Your logs are coming back clean.

What issues if any are you having?

Is there a specific reason why, you have not updated your copy of XP?

As it stands now, you are running a completely...

Your runkey.txt shows no infections. This is looking more like an OS issue. Update you system to SP1a do not apply SP2 at this time.

After you have updated to SP1a post a fresh HijackThis log.

You're welcome.

Your HijackThis log is clean. Time to toggle System Restore and flush your restore points and create a fresh clean Restore Point.

Windows XP
Disable
1. Right click My Computer
2. Choose...

c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe <<=== This is the Symantec Windows Secuirty Center and should be uninstalled as the rest of Norton has been uninstalled.
...

If you want Windows Messenger running then don't fix the O9 lines related to Windows Messenger.

The intermittent Wireless conection could be cause by the wireless router, check your User Guide for...

There are other tools that can be used to reveal stuff not shown by HijackThis. Running a RootKit scanner is rarely necessary. GetRunKeys and ISeeYouXP are two examples; both of which are developed...

I am not a novice at this. There are different schools of thought on appplying SP1a to Windows XP on an infected PC. Many of the Malware training centers teach to do this; appling patches to...

Yes the O9 lines belong to Windows Messenger, which should not be running in the background on a home PC, as this constitutes a security risk. The R1 lines are redirects to MSN and are totally...

OK, lets use a different utility.

Download the attached GetRunKey.zip to your Desktop. Then extract the contents of the ZIP file directly to your desktop. Double-click getrunkey.bat. It will...

Follow the procedures outlined in this ARTICLE (http://www.malwareteks.com/e107_plugins/forum/forum_viewtopic.php?35). Do not skip any steps. Post your logs as attachments, BACK HERE.

The version of Java installed on your computer is out-of-date. Install version 1.5.0_07 available from http://www.java.com/en/download/manual.jsp. Make sure you uninstall all older versions.
...

You appear to be running a completely unpatched, original Windows XP. This is a serious sercurity risk and if not update to SP2 and brought up2date your computer will get infected again.

DO NOT...

You are running an old version of HijackThis the current version is 1.99.1. Download the current version from HERE (http://downloads.malwareteks.com/HijackThis_1991.exe). This is a installer and...

The version of Java installed on your computer is out-of-date and represents a security risk. Install version 1.5.0_07 available from http://www.java.com/en/download/manual.jsp. Make sure you...

You are running HijackThis directly from your Desktop; this is not the preferred location. Move HijackThis to C:\Program Files\HJT; run HijackThis from this location.

You have 2 Antivirus...

GiPo@MoveOnBoot 1.9.5 (English), EXE-setup (644 Kb) (http://www.gibinsoft.net/gipoutils/bin/moveonb.exe)

Even though HijackThis is not directly on the Desktop; the location you are running it from is not the preferred location. Move HijackThis to C:\Program Files\HJT. This way it will be available to...

You are running HijackThis directly from the ZIP file; this is not desirable. UnZIP HijackThis to C:\Program Files\HJT and run it from this location.

You have 2 AntiVirus applications installed,...

You have 2 Antivirus applications installed on your computer; you only need 1. Having more than 1 AV application on your computer will cause conflicts and poor system performance; pick one uninstall...

Opps, beat me to it.

Your log is clean. You are running Norton, which is a resource intensive software suite; as well as Spy Sweeper and Ewido. These 3 applications when resident are going to put a huge demand on your...

If you mean these 2 files:

C:\WINDOWS\system32\SymNeti.dll
C:\WINDOWS\system32\SymRedir.dll

Don't delete them, both files belong to Norton.

Yes I am, my skills are a little too advanced for MRU; but I enrolled anyway.:) Never hurts too go back to the basics, sometimes.

D3m3nt3d is my partner.

@daddysla no WinPFind isn't...

Download WinPFind by OldTimer (http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip)


Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind on C:\ ....

I saw that but LSPFix only repairs the Winsock LSP chain. If Winsock XP Fix fails to resolve the issue, then there oither options; like manually rebuilding the WinSock. There could be other issues...

The WinSock may be broken.

Download and run Winsock XP Fix 1.2 (http://www.majorgeeks.com/download4372.html)

Hello,

Boot to Safe Mode, and uninstall Avast Anti Virus.

How to Boot to Safe Mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam)

By...