[Sick, sick Computer] -
Sick, sick Computer
Discuss Sick, sick Computer
Posted by: LAS1250
My daughter;s computer keeps getting infected with viruses and trojans. Pc-cillin doesn't clean them; neither does Noadware.
Any help would be appreciated!
Here's her log:
Logfile of HijackThis v1.98.2
Scan saved at 1:28:47 PM, on 12/2/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\winupdt.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AOL Companion\companion.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Allison Symos\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.comcast.net[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper100.dll
O2 - BHO: SDWin32 Class - {5FC8E5BB-AD5D-4EB6-B4AF-E30E3250DB4F} - C:\WINDOWS\System32\xyfoj.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [xyfojc] C:\WINDOWS\System32\xyfojc.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Help - {839083C1-5C6D-49CE-BAA4-3E97B107A90B} - [url]http://www.comcast.net/memberservices/[/url] (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {93649635-3E25-47B1-91F7-14513D68C6CC} - [url]http://www.comcast.net[/url] (file missing) (HKCU)
O9 - Extra button: Support - {D7E5EFD7-DB8C-4940-BC84-4A8DCD26643C} - [url]http://www.comcastsupport.com[/url] (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{53639490-5701-465A-8A6F-77EFF06F5F53}: NameServer = 205.188.146.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{53639490-5701-465A-8A6F-77EFF06F5F53}: NameServer = 205.188.146.146
Posted by: southernlady
LAS1250, I'm Liz and I will be reading your log.
Also you are running hijack this out of a temporary directory on your desktop. Can you please create a folder in "My Documents" or in My Programs but NOT on the desktop or in a temporary folder. That creates problems if you do. and name it Hijackthis unzip'Hijack This to that folder.
Then extract hijackthis into the folder you have created and run it from there. The reason for this is that Hijackthis backup files may be deleted if it is being run from a temporary folder.
Okay, do you have AdAware and/or Spybot istalled and have you run
them? And have you run a virus scan today? If so, what did it tell you?
If not, do a virus scan with your A/V and let us know what it says.
Then Please download Adaware from the link below first
[url]http://www.majorgeeks.com/download506.html[/url] Scan it with your A/V first, then Install it and & update it B4 scanning.
In settings under 'scanning,' have it set to 'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favorites for banned URL's,'
'scan my host's file.'
In 'tweaks' under 'scanning engine' set it to 'unload recognized processes
during scanning.' Also in 'tweaks' under 'cleaning engine' set it to
'Automatically try to unregister objects prior to deletion' & 'let Windows
remove files in use at next reboot.'
Select 'activate in-depth scan' before starting scan.
When the scan is finished select 'next.'
Remove what it finds by placing a check in the box to the left of the object.
Reboot
Download Spybot Search & Destroy.
[url]http://www.majorgeeks.com/download2471.html[/url]
Scan it with your A/V program before installing it.
Install the program and launch it.
Before scanning press Online and Search for Updates .
Put a check mark at and install all updates.
Click Check for Problems and when the scan is finished let Spybot fix/remove
all it finds marked in [COLOR=Red]RED[/COLOR].
Restart your computer, post another Hijack This log. Liz
Posted by: southernlady
LAS1250, Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"
[b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url][/b]
[b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url][/b]
[b]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
[b]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
[b]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
[b]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url][/b]
[b]R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=[/b]
[b]R3 - Default URLSearchHook is missing[/b]
[b]O1 - Hosts: 69.20.16.183 ieautosearch[/b]
[b]O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll[/b]
[b]O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper100.dll[/b]
[b]O2 - BHO: SDWin32 Class - {5FC8E5BB-AD5D-4EB6-B4AF-E30E3250DB4F} - C:\WINDOWS\System32\xyfoj.dll[/b]
[b]O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll[/b]
[b]O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll[/b]
[b]O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[/b]
[b]O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe[/b]
[b]O4 - HKLM\..\Run: [xyfojc] C:\WINDOWS\System32\xyfojc.exe[/b]
[b]O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe[/b]
[b]O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"[/b]
[b]O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm[/b]
[b]O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm[/b]
[b]O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm[/b]
Restart to safe mode. [url]http://service1.symantec.com/SUPPOR...001052409420406[/url]
Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"
Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"
Now find and delete these files:
C:\Program Files\[b]Support.com\bin\tgcmd.exe[/b]
C:\Program Files\[b]Viewpoint\Viewpoint Manager\ViewMgr.exe[/b]
C:\Program Files\[b]Web_Rebates\WebRebates0.exe[/b]
C:\WINDOWS\System32\[b]winupdt.exe[/b]
C:\Program Files\[b]Web_Rebates\WebRebates1.exe[/b]
Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Go to Start > Run and type %temp%in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Then go to Add/Remove programs:
We are getting rid of this entry:
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe
Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> [b]Add/Remove Programs/cleaneahtioga /start[/b]
Empty the Recycle Bin
Then post another log. Liz
Posted by: LAS1250
Thank you Liz for your help! My daughter's computer is with her at college. We moved the program to the main drive in a folder. She ran HT again and new items came up. She will post the new log now before she proceed with anything else. Thank you again.
Posted by: southernlady
Glad I could help...once we get it clean, I'll tell you how to tighten the security on the computer and suggest an alternate browser that will help keep her computer from getting these things, okay? Liz
Posted by: Ali7
Hi Liz, thanks so much for your help! I'm the one with the sick computer. Here is my lastest log.
Logfile of HijackThis v1.98.2
Scan saved at 8:35:01 PM, on 12/2/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\AOL Companion\companion.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\winupdt.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\antispyware\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.comcast.net[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url]http://websearch.drsnsrch.com/sidesearch.cgi?id=[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper100.dll
O2 - BHO: SDWin32 Class - {5FC8E5BB-AD5D-4EB6-B4AF-E30E3250DB4F} - C:\WINDOWS\System32\xyfoj.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [xyfojc] C:\WINDOWS\System32\xyfojc.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Help - {839083C1-5C6D-49CE-BAA4-3E97B107A90B} - [url]http://www.comcast.net/memberservices/[/url] (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {93649635-3E25-47B1-91F7-14513D68C6CC} - [url]http://www.comcast.net[/url] (file missing) (HKCU)
O9 - Extra button: Support - {D7E5EFD7-DB8C-4940-BC84-4A8DCD26643C} - [url]http://www.comcastsupport.com[/url] (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{53639490-5701-465A-8A6F-77EFF06F5F53}: NameServer = 205.188.146.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{53639490-5701-465A-8A6F-77EFF06F5F53}: NameServer = 205.188.146.146
Posted by: southernlady
Have you done the fixes as I suggested? Liz
Posted by: LAS1250
Liz-
We're at this point:
Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
The files won't delete
Also, should she have disabled sys restore first?
Posted by: southernlady
Yes, and I forget to mention that.
Okay, let's see if we can get the temp files removed another way. Liz
Posted by: LAS1250
We moved on and are at the last point of:
Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove via Start -> Settings -> Add/Remove Programs/cleaneahtioga /start
We can't see an entry like this in add/remove. Can she do it in My Computer?
Posted by: southernlady
Her problem may be that they are Read Only, so I want her to go and download this file:
[url]http://www.kellys-korner-xp.com/xp_tweaks.htm[/url] # 135
If that one doesn't work try this one:
[url]http://www.snapfiles.com/get/achanger.html[/url]
And if that one doesn't work try this one:
[url]http://www.webattack.com/get/moveonboot.html[/url]
One of the three SHOULD work on that folder. Liz
Posted by: southernlady
If it's not in the Add/Remove, do it from the HiJack log. Liz
Posted by: LAS1250
can we run HT in safe mode or reboot?
Posted by: southernlady
You can run it in safe mode. Liz
Posted by: LAS1250
and do we need to reboot, disable sys restore, then do these steps again... or post another log first?
Posted by: southernlady
Disable System Restore, do these steps, then reboot and post another log. Liz
Posted by: LAS1250
Liz,
I thin everything looks good now. She's run some scans with HT and NoAdware and everthing is clean. She's running pc-cillin now. Thanks so much for your help!
Posted by: southernlady
Okay, well I'm heading to bed if she wants to post one last log to verify it , I'll check it in the morning.
I'm glad we got it clean. Liz
Posted by: Ali7
Hi Liz, I ran PC-cillin and it told me I still have 6 viruses. Here is what it said:
TROG_AGENT.FL
polall1r.exe(C:\Recyclers\S-1-5-21-193...
This came up 3 times and in between each, there was a virus that had been quarantined with the address of:
C:\Recycler\S-1-5-21-1935655697-60
I'm not sure if you need to know all this, but I figured I'd let you know. I also ran NoAdware and it came up clean.
Here's my latest scan results, thanks again!!
Logfile of HijackThis v1.98.2
Scan saved at 11:54:03 PM, on 12/2/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AOL Companion\companion.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\antispyware\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.comcast.net/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.comcast.net[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Help - {839083C1-5C6D-49CE-BAA4-3E97B107A90B} - [url]http://www.comcast.net/memberservices/[/url] (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {93649635-3E25-47B1-91F7-14513D68C6CC} - [url]http://www.comcast.net[/url] (file missing) (HKCU)
O9 - Extra button: Support - {D7E5EFD7-DB8C-4940-BC84-4A8DCD26643C} - [url]http://www.comcastsupport.com[/url] (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
Posted by: southernlady
Did you follow PC-cillin's advice as far as getting rid of those viruses? Quarentining them is fine but deleting them is better.
Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"
[b]O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl[/b]
[b]O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll[/b]
Then post another log. Liz
Posted by: LAS1250
Liz,
Ali is in class now, but we'll work on this this afternoon.
Should she disable sys restore before running pc-cillin and HT?
Last night, I had her run pc-cillin updates with sys restore on, then she disabled it to scan. I haven't spoken to her after the last scan, but I doubt she did anything yet about the trojan. We've tried following pc-cillin's directions to manually remove this before without success.
I wonder why NoAdware didn't pick up the trojan this time. I think it did before.
This would be a lot easier if her computer was home and I could work on it. We really appreciate your patience in this 3 way conversation!
Posted by: southernlady
NoAdware isn't a good product to use: [url]http://www.spywarewarrior.com/rogue_anti-spyware.htm#products[/url] altho it HAS come off the list of rouge products.
If you want a list of good ones, check here:
[url]http://lists.gpick.com/pages/Spyware_Tools.htm[/url] or here:
[url]http://www.majorgeeks.com/downloads31.html[/url]
Either one will give you a good listing and then check against the page I gave you: [url]http://www.spywarewarrior.com/rogue_anti-spyware.htm#products[/url]
She needs to keep system restore disabled until her computer is clean. She could be reinfecting herself. Liz
Posted by: Ali7
Hey Liz, when I was at class, my computer ran a PC-cillin scan and it said I didn't have any viruses this time. Does this mean my computer's clean now? I deleted those that you told me to delete after running the Hijack This and here is my current log. Thanks for your help!
Logfile of HijackThis v1.98.2
Scan saved at 12:21:05 PM, on 12/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL Companion\companion.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\antispyware\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.comcast.net/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.comcast.net[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Help - {839083C1-5C6D-49CE-BAA4-3E97B107A90B} - [url]http://www.comcast.net/memberservices/[/url] (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {93649635-3E25-47B1-91F7-14513D68C6CC} - [url]http://www.comcast.net[/url] (file missing) (HKCU)
O9 - Extra button: Support - {D7E5EFD7-DB8C-4940-BC84-4A8DCD26643C} - [url]http://www.comcastsupport.com[/url] (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
Posted by: southernlady
Ali7, sorry it took so long to get back to you but I had a Christmas party yesterday along with some errands. Anyway, your log is clean.
Now, do this:
This article will be posted soon but here is what we recommend:
How did I get infected in the first place
This advice is reposted from the advice given by Tony Klein, the acknowledged spyware & malware expert who supports many forums on the net.
I have added a few minor updates to it
You usually get infected because your security settings are too low.
Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:
1) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.
2) Go to IE > Tools > Windows Update > Product Updates, and install ALL Security Updates listed.
It's important to always keep current with the latest security fixes from Microsoft. Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.
3) Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.
Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.
So why is activex so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?
And some more advice:
4) Install Javacool's SpywareBlaster [url]http://www.majorgeeks.com/download2859.html[/url] It will protect you from all spy/foistware in it's database by blocking installation of their ActiveX objects.
Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.
Let's also not forget that SpyBot Search and Destroy [url]http://www.majorgeeks.com/download2471.html[/url] has the Immunize feature which works roughly the same way.
It can't hurt to use both.
5) Another brilliant program by Javacool we recommend is SpywareGuard. [url]http://www.majorgeeks.com/download3045.html[/url]
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard. It now also features Download Protection and Browser Hijacking Protection!
6) IE-SPYAD [url]https://netfiles.uiuc.edu/ehowes/www/resource.htm[/url] puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
7) The IE hosts [url]http://mvps.org/winhelp2002/hosts.htm[/url] file blocks ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems.
Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by the DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements.It Now includes most major parasites, hijackers and unwanted Search Engines!
In many cases this can speed the loading of web pages by not having to wait for these ads, banners, hit counters, etc. to load.
This also helps to protect your Privacy by blocking servers that track your viewing habits, known as "click-thru tracking".
However as time has progressed the focus of this project has changed from blocking ads/banners to protecting the user from the many parasites that now exist on the Internet. It doesn't serve much purpose if you block the ad banner from displaying, but get hijacked by a parasite from an evil script or download contained on the web site. The object is to surf faster while preserving your Safety, Security and Privacy.
Incidentally, another site with an enormous amount of information on computer security, and which is well worth a visit is [url]http://www.wilders.org/[/url]
Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests. [url]http://www.jasons-toolbox.com/BrowserSecurity/[/url]
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.
If you are using XP or windows 2000 or 2003 then this application will also help a lot to prevent hijacking
[url]http://www.prevx.com/default.asp[/url]
And make sure your Antivirus and firewall is switched on and kept updated.
I hope NOT to see you in THIS forum again :) Liz
Posted by: Kaniver
Liz I just wanted to jump in and tip my hat to you for being such a helpfull person. It's your kind that make this forum such a great place to be.
One quick question. Do you recommend that windows restore be disabeled as a usual practice? I normally do because of the space is saves and the problems it seems to have a potential to cause.
Also I recently installed diskkeeper and I have to say I really like this program. Like you I rarely recommend software but this one is a keeper. It sorta massages your HD......lol
Keep that helpfull attitude...I like it!
Posted by: southernlady
Kaniver, I try to but there are some windows systems where you can't. and thanks for such kind words. I try to help. Some I can't cause I don't have the knowledge yet but I'm working on it. Liz
Posted by: LAS1250
Liz,
Thank you for all your help. Ali is cramming for finals. I'm sure she'll be along to thank you herself once she's got some time.
I'm going to follow your suggestions for my computer, too!
Posted by: southernlady
Here is one for everyday that will also be posted soon.
[quote][b][u]Normal maintenance[/u][/b]
Run regular maintenance on your PC...just as you would keep your house clean, your PC runs better when it's organized as well.
1) Use Disk Clean up and get rid of unneeded files. Compress old ones
2) Go thru your Add/Remove program and get rid of anything you haven't used lately, esp if you have the disk for it and can reinstall it or download it at a later date should you decide you want it again. Just letting it sit on your hard drive taking up space is ridiculous if you aren't using it.
3) Run the Disk Defrag on a periodic basis. If you have Norton Systemworks, set it up so that you can see how degragged your computer is and let it tell you when to defrag.
4) Remember to do a drive check every so often. You do this going to MY COMPUTER then SELECT YOUR DRIVE(C) right click it and go down to PROPERTIES on the pop up box select the second tab along TOOLS and click the top box CHECK ERRORS NOW.
And then ALWAYS. ALWAYS download and install any Critical Updates that Windows lets you know about. If you don't have your configuration set so that it will tell you and you aren't in the habit of checking periodically (like every other day) then set it so that
Windows WILL let you know there is a Critical Update. This step is an absolute necessity. SP2 is the exception to the rule, I still haven't done that one.
Then go and download these FREE programs:
1) Ad-aware [url]http://www.majorgeeks.com/download506.html[/url] (removes all adverts and ad self launch programs,feed up with pop ups get it)
2) Spy-bot [url]http://www.majorgeeks.com/download2471.html[/url] (same as ad-aware but always better two have two in this case because they'll double check everything)
3) AVG free [url]http://www.majorgeeks.com/download886.html[/url] (ok for basic scan but know not to detect major viruses) or Avast Home Edition: [url]http://www.majorgeeks.com/download1968.html[/url]
4) Zone Alarms [url]http://www.majorgeeks.com/download388.html[/url] (has a free and a paid version)
5) Sygate [url]http://www.majorgeeks.com/download3356.html[/url] (Has a free and a paid version or see the other firewall option
6) A Popup Blocker if your ISP doesn’t come with one:
[url]http://lists.gpick.com/pages/Ad~PopUp_Tools.htm[/url]
This one has been recommended by a number of people here on this web site: Google Toolbar [url]http://www.google.com[/url] (Can only be used with IE tho)
And this one, I have personal experience with and is excellent. It can be used with ANY browser:
POW [url]http://www.analogx.com.[/url]
Then you should download:
1) An Antivirus program:
Avast Home Edition: [url]http://www.majorgeeks.com/download1968.html[/url]
AVG free [url]http://www.majorgeeks.com/download886.html[/url]
Norton 2004 or 2005 [url]http://www.norton.com[/url] (a good professional antivirus,always as up to date virus definitions)
Panda Titanium [url]http://www.pandasoftware.com[/url] (another good one but slightly slows down computer applications etc)
AVG 7 pro [url]http://www.grisoft.com/us/us_index.php[/url] (again its ok but i found that it takes slightly longer for virus definitions to come out)
2) There are two other Firewall options:
Norton firewall [url]http://www.norton.com[/url] (good again stops a lot of unwanted internet activity but does become annoying if your have Bearshare, Kazaa etc installed)
Kerio [url]http://www.kerio.com/kpf_home.html[/url]
3) For making copies of your hard drive (good if you need to transfer your hard drive contents or if your hard drive keeps crashing.:
Norton Ghost: [url]http://www.norton.com[/url]
Drive image [url]http://www.r-tt.com[/url] (a software program that makes a up to date recovery point separate from system restore,good if you know your computer keeps crashing)
4) For fixing Registry and disk problems:
PC Bug Doctor [url]http://www.pcbugdoctor.com[/url] (corrects many problem but not deep registry ones)
PC Doctor Oncall [url]http://www.pcdocrx.net/cgi-bin/view...2004/index.html[/url] (does full system check fixes almost any problems)
Ashampoo WinOptimizer Platinum Suite 2
[url]http://www.ashampoo.com/[/url] (Drive Cleaner, Registry Cleaner, Internet Cleaner, DLL Cleaner,
Internet Tuner, StartUp Tuner, File Wiper, and File Associator. Free up valuable space on your hard drive. Speed up general system performance.)
Norton Systemworks 2003 or 2004: [url]http://www.norton.com[/url]
For a good listing of all this, go to: [url]http://www.wilders.org/[/url]
I hope this list helps.[/quote]
You also might want to consider an alternate browser like Firefox. If you do, let me know and I will be glad to help with the plugins and extensions. Liz
Posted by: LAS1250
Again, Liz, thanks. You'll keep me so busy with maintenance, I won't have time for my games...lol.
I know you don't like NoAdware, so I guess I'll ditch that one. I downloaded AdAware SE. Do you suggest the default settings?
I also use Ace Utilities... any concerns with that program?
Posted by: southernlady
The settings we use here on AdAware SE that were very detailed are my NORMAL settings, LOL.
As for Ace Utilities, I see nothing to concern me...in fact I saw a good rating at Spywareinfo.com the home of the HiJack log people. Liz