wextract_cleanup0

I would deny the process like advised. Not perminitly, just do it the first time, if all our normal programs are working fine you can deny if perminitly next time it tries. In the mean time I would equipt yourself with some nice tools to protect yourself:

Removal:

*** Turn off System Restore (Windows XP) ***

1) Run a FREE online virus scan, http://housecall.trendmicro.com/housecall/start_corp.asp   - Even though you hopefully already have a virus scanner, it’s always nice to get another opinion.

2) Adware Personal SE: http://files3.majorgeeks.com/files/c3cbd51329ff1a0169174e9a78126ee1/spyware/aawsepersonal.exe  - be sure to run the update after you have completed the install.

3) CWSheddar - http://files3.majorgeeks.com/files/c3cbd51329ff1a0169174e9a78126ee1/spyware/cwshredder.exe  - This is good to run just to make sure.

4) HiJackThis - which you’re already have, so just post log to site I gave you above to make sure the other products didn't miss anything.

If hijack this looks ok, reboot and move along to PREVENTION.

Prevention:

1) Virus software: If you have money buy, Kaspersky, www.kaspersky.com , otherwise go with: AVG 7.0 FREE - http://free.grisoft.com/freeweb.php/doc/2/ . Kaspersky is extremely useful for it blocks malicious scripts from the web, which a large percent of spyware comes from, also has definitions for adware/riskware/malware/etc.

2) Software firewall: Sygate Personal Firewall: http://smb.sygate.com/download_buy.htm - both a Pro version for money, or use the free edition. This is user friendly and one of the only software firewalls that prevent .DLL injection, which is commonly used with trojans/keyloggers.

3) Run windows updates to make sure you are fully patched. Also might want to try: http://www.microsoft.com/technet/security/tools/mbsahome.mspx - great to to analyze your system. You'd want to run this as soon as you plug into the internet.

4) Spyware Blaster - http://www.javacoolsoftware.com/spywareblaster.html
This is great for blocking dialers and other spyware form accessing your computer. Works with both IE & Mozilla and updates and free as well. Doesn't have to be running, just install, updated, "enable all protection" and follow those steps once a week or so.

5) Always a good idea to have a backup browser, these days tons of exploits are publically released against Internet Explorer. I'd check out Firefox: http://www.mozilla.org/products/firefox/

Additonal clean up:
CCleaner - http://www.majorgeeks.com/download.php?det=4191
This program will clean out, temp, temp internet files, all the other junk that sites around on the computer, will help performance.

RegCleaner - http://www.majorgeeks.com/download.php?det=460
This program will remove any missing or invalid registry entries as well as perform a complete backup of changes you made. Very nice addition to system maintainance.

Conclusion:
With these programs I’m confident this resolve your issue. I use these same programs on a daily basis and have yet to be let down. Please don’t hesitate to reply with any questions or concerns. I’ll also provide you with a few link resources to keep up to date on daily threats!

Resources/References:
SANS Institute:
http://isc.sans.org/
This site has a daily diary that keeps on top of all the latest threats. I live by this site. If you a real security freak, you can get the system tray icon at: http://www.labreatechnologies.com/ISCAlert.zip

McAfee Portal Site:
http://myavert.avertlabs.com/myavert/default.aspx?index=1
Great to see the latest virus/exploit threats on a daily level, which is the most active, etc.

Analyst's Diary (virustotal.com)
http://www.viruslist.com/en/weblog

Congrats and good luck,

Jorden
Tech-Security

It depends on what he was doing when the message appeared.  If he was installing software that needs to make system modifications after a restart, but before Windows starts, he should allow it.

Hi!

It's a legitimate Windows program.
Part of Media Player, Visual Studio, . Net framework, etc.

RF

Also of Norton Antivirus!!