Pop ups killing me, ideas?

Unknown
edited July 2006 in Spyware & Virus Removal
Hello. I've got a pesky spyware(I guess it is) and I am getting bombarded by pop ups. I've run AdAware (Even though I clean all, I keep getting 'coolwebsearch' on re-scans...so this might be the problem) and Spybot (comes up clean), and am fully up to date with windows. I do not have an additional firewall (using windows XP firewall), but I will probably install one after gettting this sucker cleaned. I am very compter savvy and work in an IT support position so to have to admit I am beat by this thing sucks, but I'm getting tired of the pop ups. I've got XP's pop up blocker running now so it is under control, but I want it gone so I would appreciate the help if someone wants to give it. I run a really clean machine normally so whenever I've had a bug before it sticks out like a sore thumb. Not so this time. Let me know if anyone has any ideas.


Thanks,
Bill

Here is my HiJackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:22:09 AM, on 7/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Bill\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {47489CC3-B1AB-4414-A7D9-4A6380D819D8} (ConfigManager Control) - http://68.60.56.88/ConfigManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153485658984
O16 - DPF: {817444B5-4D12-4EEB-8E78-C547E84F80B6} (EngineManager Control) - http://68.60.56.88/EngineManager.cab
O16 - DPF: {E7B12A6B-341F-4765-A9EA-29A745916878} (ImageViewer Control) - http://68.60.56.88/ImageViewer.cab
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - D:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe

PS. I know that the WGA stuff is crap, and will kill it, but I don't think that is part of the problem. Correct me if I am wrong. I only let it install since I was trying to get TOTALLY up to date on updates.

Comments

  • chiazchiaz
    edited July 2006
    Please launch HijackThis and place a tick by the following entry:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page
    Close all other windows and press "Fix Checked". Then close HijackThis and restart the computer.


    Please download, install, and update Ewido anti-spyware
    1. Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
    2. After the update finishes (the status bar at the bottom will display "Update successful")
    3. Close ewido. Do not run it yet.

    Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
    • In Safe Mode, load Ewido and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
    • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
    • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
    • Restart back into Normal Mode.

    Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log.
  • bmeyer1968
    edited July 2006
    Ok. I installed ewido and ran it in safe mode. Here is the log of that:
    ewido anti-spyware - Scan Report

    + Created at: 6:10:46 PM 7/23/2006

    + Scan result:



    HKLM\SOFTWARE\Classes\CLSID\{176407B4-E211-4E16-BFFA-63C50AA24B06} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    D:\WINDOWS\comsetup.log:zvrpic -> Adware.SearchPage : Cleaned with backup (quarantined).
    D:\WINDOWS\system32\dmonwv.dll_tobedeleted -> Downloader.Agent.agw : Cleaned with backup (quarantined).
    D:\WINDOWS\Greenstone.bmp:iyeng -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    D:\WINDOWS\Q819696.log:ofnms -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    D:\WINDOWS\SchedLgU.Txt:zspkv -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    D:\WINDOWS\WMPrfKor.prx:rjfuek -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    D:\WINDOWS\wmprfnor.prx:bwabw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
    D:\WINDOWS\Gone Fishing.bmp:xazoz -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    D:\WINDOWS\KB822603.log:zymqq -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    D:\WINDOWS\KB840374.log:mbirm -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    D:\WINDOWS\Santa Fe Stucco.bmp:mffrb -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    D:\WINDOWS\_default.pif:nbvzd -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    D:\WINDOWS\_default.pif:nnlya -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    D:\WINDOWS\_default.pif:sjezn -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    D:\WINDOWS\dahotfix.log:uzhoh -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    D:\WINDOWS\doom3.ini:tcgzd -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    D:\WINDOWS\rjfue.dat:urgaz -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    D:\WINDOWS\win.ini:qmmpu -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    D:\WINDOWS\wmprffra.prx:witxh -> Downloader.Agent.kd : Cleaned with backup (quarantined).
    H:\WarezP2P_TDL.exe -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Drivers\Utilities\Game support\Homeworld Support.zip/Cataclysm/Cataclysm Trainer.zip/trainer.exe -> Dropper.Small : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@heritagegalleries.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@lawdepotcom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    D:\Documents and Settings\Christal\Cookies\christal@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@e-2dj6whl4gocpsgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
    D:\Documents and Settings\Christal\Cookies\christal@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    D:\Documents and Settings\Bill\Cookies\bill@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    D:\WINDOWS\DVDFab.INI:fskhd -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    D:\WINDOWS\KB824141.log:syxvk -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    D:\WINDOWS\_default.pif:cvflum -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    D:\WINDOWS\_default.pif:fbgmx -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    D:\WINDOWS\_default.pif:gnelv -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    D:\WINDOWS\_default.pif:lkwnq -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    D:\WINDOWS\iis6.log:pbkbb -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    D:\WINDOWS\msmqinst.log:xclkj -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    D:\WINDOWS\ulqma.dat:swxwo -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    D:\WINDOWS\wmprfheb.prx:zinokz -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    D:\WINDOWS\wmprfita.prx:pidkj -> Trojan.Agent.bi : Cleaned with backup (quarantined).
    C:\Drivers\Miscellaneous\Trial-Reset.v2.5.exe -> Trojan.LdPinch.abn : Cleaned with backup (quarantined).


    ::Report end



    Then I rebooted into normal mode and ran Hijack This, here is the latest log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:16:22 PM, on 7/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Symantec AntiVirus\DefWatch.exe
    D:\Program Files\ewido anti-spyware 4.0\guard.exe
    D:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Symantec AntiVirus\Rtvscan.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\MsgSys.EXE
    D:\PROGRA~1\SYMANT~1\VPTray.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\ewido anti-spyware 4.0\ewido.exe
    D:\Documents and Settings\Bill\Desktop\HijackThis.exe

    O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://neucitrix.neumannhomes.com/Citrix/ICAWEB/en/ica32/wficat.cab
    O16 - DPF: {47489CC3-B1AB-4414-A7D9-4A6380D819D8} (ConfigManager Control) - http://68.60.56.88/ConfigManager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153485658984
    O16 - DPF: {817444B5-4D12-4EEB-8E78-C547E84F80B6} (EngineManager Control) - http://68.60.56.88/EngineManager.cab
    O16 - DPF: {E7B12A6B-341F-4765-A9EA-29A745916878} (ImageViewer Control) - http://68.60.56.88/ImageViewer.cab
    O20 - Winlogon Notify: NavLogon - D:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - D:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
    O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe


    I turned off the pop up blocker and I still appear to be getting the pop ups. I ran for about 3 minutes and the first one came up as I am typing this. When I re-ran ad-aware it came up with 2 hits on 'coolwebsearch' this time where there was only 1 before. I can re-run ewido but it took a long time so I thought I'd check back in for an update.

    The seemingly 'bad' registry entry that nothing seems able to work on is:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_*008F__6Q*00D4*00F5*0013'*00AA*00B4*00C6*00D08]

    I even went in to safe mode (before starting this thread) and just tried to edit anything in that key...nothing would save there. I don't know if that helps, but both AdAware and ewido found this key...said it was coolweb....and both said they got it. Both were wrong.

    Thanks for any ideas at this point, other than just rebuilding. I wouldn't really mind doing that since I've been running this load for well over a year now, but I do NOT like admitting defeat.

    Bill
  • chiazchiaz
    edited July 2006
    Download and run CWShredder from its own folder.
    http://cwshredder.net/bin/CWShredder.exe
    Click Fix and then Next, let it fix everything it asks about.

    Then reboot and post another log.
  • bmeyer1968
    edited July 2006
    I ran the CWshred and it came up that there was no problem found.

    Here is the latest HiJack this log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:16:57 AM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Symantec AntiVirus\DefWatch.exe
    D:\Program Files\ewido anti-spyware 4.0\guard.exe
    D:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Symantec AntiVirus\Rtvscan.exe
    D:\WINDOWS\system32\MsgSys.EXE
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\SYMANT~1\VPTray.exe
    D:\Program Files\ewido anti-spyware 4.0\ewido.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Documents and Settings\Bill\Desktop\HijackThis.exe

    O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://neucitrix.neumannhomes.com/Citrix/ICAWEB/en/ica32/wficat.cab
    O16 - DPF: {47489CC3-B1AB-4414-A7D9-4A6380D819D8} (ConfigManager Control) - http://68.60.56.88/ConfigManager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153485658984
    O16 - DPF: {817444B5-4D12-4EEB-8E78-C547E84F80B6} (EngineManager Control) - http://68.60.56.88/EngineManager.cab
    O16 - DPF: {E7B12A6B-341F-4765-A9EA-29A745916878} (ImageViewer Control) - http://68.60.56.88/ImageViewer.cab
    O20 - Winlogon Notify: NavLogon - D:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - D:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
    O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe

    Ewido still shows the Coolweb as does AdAware, but neither can remove the entry. I'm going to assume that the entry is some non functioning item.

    I will run with the pop up blocker off and see what happens......Nevermind, there goes one.

    Any more ideas?

    Bill
  • chiazchiaz
    edited July 2006
    Hmmmm....go HERE.
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
This discussion has been closed.