[window]

[problem]
a single popup from Adult Friend Finder.com


[programs used]
Ad-Aware SE
Hijack This
Spybot Search and Destroy
Spyware Blaster
DSO Stop 2
Bazooka


[hijack this log]
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\first\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [SysMon] C:\windows\system32\mswkrwr32.exe


[spybot s&d log]
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\LSP.sbi
2004-11-29 Includes\Cookies.sbi
2004-12-01 Includes\Dialer.sbi
2004-12-02 Includes\Hijackers.sbi
2004-12-01 Includes\Keyloggers.sbi
2004-12-01 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2004-12-01 Includes\Spybots.sbi
2004-12-01 Includes\Trojans.sbi
2004-11-29 Includes\Tracks.uti


[progress]
adawareSE--scans clean

hijackthis--you tell me

spywareblaster--scans clean

bazooka--scans clean

spybot s&d--using this program i have (4) re-occuring DSO (data sorce object) files that get listed as possible exploit, removal function is used but files remain after reboot/re-scan popup persists

i follow procedure found on http://security.grey...om/adv/gm001-ie about setting registery zone value to (3) this solved nothing popup remains



this is seriously pissing me off What the... must i do short of reinstall to kill 1 freaking popup

[Advertisements]

What is your operating System? Win98 - WinME - WinXP Home or Pro
WinXP SP2

[ELP44]

What is your operating System? Win98 - WinME - WinXP Home or Pro
WinXP SP2

[window]

WIN XP pro sp2

[window]

just installed McAfee Security Suite Pro

found a few virus/adware programs running that none of my others had found ..popups still wont stop

[ELP44]

I Find Pop-Up Stopper Free virsion from Panicware to be of Great help.
You might wish to try it.

[admin]

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
O4 - HKLM\..\Run: [SysMon] C:\windows\system32\mswkrwr32.exe

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\windows\system32\mswkrwr32.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.