
whatnext?

Everything posted by whatnext?

  1. I like Sygate, but the problem I am having is that the user interface does not usually seem to load automatically at startup. I think the program may run in the background unseen, but it is disturbing that I have to run the program manually to see the interface. It used to load automatically, though it was always slow to do so. That is why I am thinking of switching. Also, the interface only shows on the user who logs in first. That can be an inconvenience, though on the other hand, since I usually am the first to log in, it keeps other users from allowing things to access the internet, so maybe it is actually safer! I think I will try something else... probably Comodo or Online Armor. Tried ZA free once and hated it. Couldn't make heads or tails of it, couldn't get it to behave. Sygate seems easier. I am not very knowledgeable about FW's.
  2. Yay! I installed SP3 (from the big download). I had MS tech support on the phone with me, in case I experienced problems, but I didn't. Haven't yet tested all programs and peripherals, but I haven't noticed any adverse effects yet. Thank you for all the help! I will give it about a week, to make sure all is working well, then will switch from Sygate to a different FW. (Is there a reason you recommend Online Armor free over Comodo free?) After all the scans we've run, I feel comfortable whitelisting all my current programs. Oh -- I re-enabled Tea Timer. Do you think that should be ok, or will it conflict with my other anti-malware (WinPatrol free, Windows Defender, a-squared anti-dialer free)? That should bring us to the end of this thread -- thanks again!!!
  3. Spybot 1.6.2 found 5 problems, all Firefox bookmarks on a limited user acct. One bookmark was labeled "Aornum", and was from newfb.iwon.com. Four bookmarks were labeled "Spywareinfo.TrafficZ", and were from spywareinfo.com. I let Spybot fix all of these (though I thought maybe the latter were FP's?). Do you think it is necessary to re-run all the backups? (I would rather not...) I tend not to use my bookmarks much these days (other than the ones on my bookmarks toolbar). I usually just search Google again or use my Zotero snapshots. Spybot didn't find any Zotero problems.
  4. Thank you. I believe my latest ASR backup creation worked. And I used Syncback to copy all user data to the external drive, too. I have just installed SpyBot 1.6.2, and will do a full scan. If there is a problem, I will post back here. Otherwise, I am ready for SP3. Thanks very much for all the help.
  5. Thank you so much for all your help. I have not installed SP3 yet because I am having trouble getting a good backup. Tried 2ce yesterday. First time, chose backup option "backup up everything on this computer". Well, it tried to recursively backup the external drive I was backing up to! (I'd had this happen once before, but had forgotten.) So that didn't work -- drive filled up. Second time, tried using ASR wizard. Wasn't sure exactly which files it was backing up. But when it finished 2-3 hrs later, it seemed like it had tried to copy the c: drive, as I desired, and it prompted me for the floppy for the system files. (I have borrowed a floppy drive.) Problem is, according to the log, the backup failed: The operation did not successfully complete. Log did not specify a reason, but backup time was given as less than 10 min. However, there is a 70GB backup file on the external drive. Ugh... Will try again later. Might try using Macrium Reflect for the first time, if I can figure out how to make the BartPE boot diskette. Will post to PC Help forum if I have problems.
  6. I have NoScript and AdBlock Plus installed. And I do use ERUNT. I had been using CCleaner registry cleaner pretty regularly -- guess I've just been lucky that it never screwed things up. Hoping to make more progress toward SP3 today...
  7. Regarding the links you provided -- F-Secure Health Check reminded me that Spybot teatimer is turned off. Should I turn it back on? I wasn't 100% clear on how to use the hphosts site. I assume I need to download some file? I looked up one of my email providers (myway.com), and found out they are supposedly engaged in malware distribution (EMD). That was news to me -- bad news, since I have several yrs worth of correspondence on their server, and it will be hard to leave that behind! How reliable are these assessments, do you know? I have downloaded (but not yet installed) sitehound for both FF and IE. (I also recently added the web-of-trust (WOT) add-on to Firefox.) Before installing SP3, I still need to run Detect and Repair for Word, maybe another AV scan, do an incremental backup (or a new ASR backup), and toggle System Restore, and maybe run CCleaner again. Is it okay to use it to clean the registry, if I back up the changes first? Will try to get SP3 installed tomorrow or the next day. I downloaded the big version (about 20 min with DSL).
  8. Here is the log from my Kaspersky online scan:
     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7 REPORT
     Friday, February 13, 2009
     Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
     Kaspersky Online Scanner 7 version: 7.0.25.0
     Program database last update: Friday, February 13, 2009 23:24:18
     Records in database: 1794250
     --------------------------------------------------------------------------------
     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan mail databases: yes
     Scan area - My Computer: C:\ D:\ E:\
     Scan statistics:
     Files scanned: 252165
     Threat name: 1
     Infected objects: 1
     Suspicious objects: 0
     Duration of the scan: 03:49:54
     File name / Threat name / Threats count
     C:\Documents and Settings\(ADMIN_USER)\My Documents\downloaded files\a2AntiDialerSetup.exe Infected: not-a-virus:RemoteAdmin.Win32.Rejoice.l 1
     The selected area was scanned.
     ---------- END OF KASPERSKY REPORT -----------------------------
     I am guessing this is a false positive. I do have a-squared anti-dialer installed, and I do still have the installer, but I've had it there since 2007, and it's never been picked up as infected before, either by previous Kaspersky scans or any other scans. I could, of course, delete it. I just keep things so that I can see what I've installed and when. I uploaded the suspect file to jotti.org.
     -----JOTTI RESULTS --------
     Service load: 0% 100%
     File: a2AntiDialerSetup.exe
     Status: INFECTED/MALWARE
     MD5: f7a634dc30e5bcdcf2d67cef45c9bc85
     Packers detected: PE_PATCH.UPX, UPX
     Scanner results
     Scan taken on 14 Feb 2009 04:04:52 (GMT)
     A-Squared Found nothing
     AntiVir Found nothing
     ArcaVir Found nothing
     Avast Found nothing
     AVG Antivirus Found nothing
     BitDefender Found nothing
     ClamAV Found nothing
     CPsecure Found nothing
     Dr.Web Found MULDROP.Trojan (probable variant)
     F-Prot Antivirus Found nothing
     F-Secure Anti-Virus Found not-a-virus:RemoteAdmin.Win32.Rejoice.l (6, 2, 606)
     G DATA Found nothing
     Ikarus Found nothing
     Kaspersky Anti-Virus Found not-a-virus:RemoteAdmin.Win32.Rejoice.l
     NOD32 Found nothing
     Norman Virus Control Found nothing
     Panda Antivirus Found nothing
     Sophos Antivirus Found nothing
     VirusBuster Found nothing
     VBA32 Found nothing
     ------- END JOTTI RESULTS -----------
     If you think this is a false positive, then I guess I am about ready to download and install (the BIG) SP3! I will toggle System Restore and do an incremental backup first. Thank you for the links to the anti-malware programs. I have Spyware Blaster and WinPatrol, but I will add the others. I have Secunia PSI installed, and I will try the F-Secure Health Check. I think I should also check my FW, both before and after switching from Sygate to Comodo or Online Armor. (I had been planning on using Comodo free, but I see you are recommending Online Armor free.) Thank you so much for all the help and instruction. I learned about some new programs (some of which I will not run on my own!) and feel my system is probably cleaner and better tuned than ever. And I feel a lot more secure about installing SP3 now. Thanks for all your time.
  9. Can you please leave the thread open until I get the AV scan results (later today, I expect)? Thanks!
  10. Re-installed Java. Thanks for the link and instructions. In the future, when updating Java, should I uninstall the older version before installing the newer version? I had been installing over the old, then removing the older version. (And it took me awhile to learn that you needed to uninstall the old versions -- initially, I thought maybe the new depended on the old -- so when I learned you were supposed to uninstall, I had a bit of a backlog.) Thank you again!
  11. Just curious about one thing -- if I am using FF (with the NoScript extension) -- and if I am very careful about email attachments -- how did I get the infections I mentioned in my post yesterday? Did I inappropriately allow some site in NoScript that was not as safe as I thought it was? I hope I am not straying too far off topic here --- but if you have a link to a page which suggests IE security settings for the Internet Zone, I'd appreciate it. I never use IE (except for Windows Update) if I can avoid it. So I used to have my Internet zone setting set for really high security, so that no site would work unless I put it in my trusted sites zone. But I think maybe one of the IE updates I installed yesterday moved my Internet zone settings back to medium high (and my Trusted Sites to medium). Although maybe that's ok? Also, I often have a cookie problem in IE. If I want to use a site, and I have to allow cookies, I add the site to the list of sites allowed to leave cookies. But that never seems to work --it usually still tells me that I have to allow cookies. And sometimes when the information bar opens and says click here if you want to allow whatever, and then I click, and it still tells me click here to allow... I guess I've just become inexperienced with IE, since I use FF nearly exclusively.
  12. Sorry, haven't had a chance to run an online AV scan yet. High winds tonight, so don't want to run it overnight. (Already lost power once today.) Should be able to get to it tomorrow. Meanwhile, mouse died again, so I plugged in my new mouse. Installed the Logitech Setpoint software. Now I have even more stuff running at startup. And when I patched QuickTime, it also added a startup. Can you please tell me the best way to control startups (if the program itself doesn't give you an option) -- should I use Windows Defender or WinPatrol or something else? Do all these programs really need to be running all the time? Someone should invent a "close all apps" app, so you don't have to waste time exiting each one when you want to install software or run a scan. I also installed the MetaFrame Presentation Server Client (Plug-in) and Citrix Presentation Server Client. When I get to the point of installing SP3, in addition to closing AV and other security programs, should I close Sygate FW? If yes, should I turn Windows FW on? Thanks -- back soon with the results of the AV scan.
  13. Ugh, I see what you mean about Search 4.0. And I do hope you can't search across users (from a non-admin acct). I don't suppose there is any going back? I will reinstall Java, and run one more AV scan. I'll let you know what is found. I followed the link you gave for SP3. It's a bit disconcerting to have it say in all caps: DO NOT CLICK DOWNLOAD IF YOU ARE UPDATING JUST ONE COMPUTER. But if you're sure that is the best way to do this... It does seem iffy to try to download such a huge patch from Windows Update. (I see it's 1-3 hrs, depending on your DSL speed -- I don't know mine.) Is it going to ask me for input as I install it? Will I have to make any choices? If yes, maybe I should have a MS tech support person standing by. Will it reboot multiple times? If yes, do I just log back into the admin acct each time? Thanks!
  14. Thank you for the link. As far as I can tell, I am not having any malware symptoms. The last known infections I had were (from most recent to furthest back):
     1. Trojan.DNSChanger (detected and removed by Malwarebytes quick scan on 12-25-08).
     2. Trace.Directory.Berm.Amazon Toolbar!A2 (detected by a-squared free smart scan on 12-25-08). I thought this might be related to Amazon's MP3 Downloader, which I had just installed. (Also, I had experienced a BSOD after the install, but possibly that was caused by connecting my mp3 player for the first time - it hasn't happened since.) I uninstalled the MP3 Downloader, and the toolbar is no longer detected.
     3. AdWare_MEMWATCHER (detected by TrendMicro Housecall online scanner on 11-25-08) - After Googling, I decided the AdWare_MEMWATCHER might be a false positive related to SpyBot's Host file immunization program, so I didn't do anything about it. When I uploaded my HOSTS file to the jotti.org online scanner, ArcaVir found Adware.Softomate.K, CPSecure found Troj.W32.Qhost.ajk, but no other scanners detected anything. So I decided to treat all of these as false positives, and ignore them.
     4. Heuristics.Reserved.Word.Exploit (detected by Malwarebytes quick scan on 11-25-08). Wasn't sure what to do with this, because I didn't want to be too quick to delete a system file (C:\Windows\system32\SMSS.TMP). So I started running other scans, found the problems listed above, some of which were probably false positives, but which distracted me so much that I forgot to do anything about this! Meanwhile, it is no longer being detected....
     If these are all gone (or innocent), then hopefully my system is clean. Maybe I should re-run SpyBot, Ad-Aware, and maybe the a2-free quick scan? And maybe Kaspersky online or ESET NOD32 online? (I've never been able to get NOD32 to run yet -- I tried adding it to trusted sites in IE7, but that didn't work, and my security settings are too high.) OR maybe I should just leave well-enough alone, since I don't seem to have symptoms??? If I run enough scans, I'm likely to find something else!
     Today, I ran Windows Update and installed some high priority patches (but not SP3). I also installed two optional patches, a root certificate update and Windows Search 4.0 for Windows XP. (This last means I have another program running at startup. I don't know if that's a good thing, but I thought maybe it would speed up the Windows Search function.) I will also do the Detect and Repair option to try to solve my Word crashes. Do you think I am ready to re-install Java? And am I ready for SP3? Microsoft is offering free help with the SP3 install (and it makes me nervous that they feel they need to do this). Do you think I should take them up on that, or just install it through Windows Update? Thanks very much, again.
  15. And here is my RootRepeal log:
  16. Here are my MBAM and HJT logs. I will run RootRepeal later today.
  17. Oh, and regarding using Detect and Repair for Word...I understand you need to have your Word installation discs available. I have a set of CD's supplied by Dell that came with my computer. They contain MS Works Suite 2003, and Disc 1 of the set contains Microsoft Word 2002. So if Detect and Repair wants my original installation disc, will that work? I'm worried because it is so old -- pre-SP1, I believe (certainly pre-SP2), and many, many patches out-of-date. I am always a little worried that my original installation discs won't be recognized/usable.
  18. Thanks for the suggestions. I wasn't actually trying to install Adobe Air -- it just came along when I updated Adobe Reader (see http://get.adobe.com/reader/). Now that I have looked it up, I can't see why I'd ever want it. Maybe I can uninstall it. In Add/Remove, the following are installed: Acrobat.com ver 1.1.377 Adobe AIR Adobe Flash Player 10 Plug-in Adobe Reader 9 I don't really understand the inter-dependence of these programs, and why Adobe makes you install them all. And it seems like Acrobat is still labeled 'beta' -- are they, essentially, forcing you to test their beta software? (http://www.adobe.com/products/reader/ : "Create PDF files with Adobe
  19. I wouldn't say for sure that any of the problems I experience on the computer are due to infections -- it seems to me that they might just as easily be due to problems with buggy software or patches. But I'm not sure... (In the past, even when my scans have detected infections due to Trojans or Toolbars, I have never experienced symptoms such as browser hijacking, popups, slow downs, etc. Some infections turned out, after Googling, to be false positives, but some seemed to be real.) The problems I am experiencing now are: 1. Problems with Word -- I have MS Word 2002 (10.6850.6845 SP2). a) It tends to crash pretty often. Often this happens when I am closing the program. I have found that it often will crash if I close the program without first closing open documents. Even if I close documents, I need to pause before closing the program to prevent crashes. Starting maybe about a month ago, I have to accept the end-user EULA each time I start the program! I've been assuming that this might be due to a Windows Update patch that is problematic. I was hoping Dial-a-fix would fix my Word problems, but it hasn't. Perhaps I should try the "Detect and repair" option in the Word Help menu? 2. Problem with Adobe Reader 9.0 -- (Adobe Reader is also installed as a plug-in in Firefox) I cannot always open pdf files on one (limited) user in Firefox (or outside of Firefox, either). Some files open fine, but for others, the error msg is "the file is damaged and cannot be repaired". Or sometimes it will display a blank page and say "done". However, if I switch to another (limited) user, the same file will open just fine. I think I may have fixed this today. I opened Firefox>Tools>Applications. Various Adobe programs were listed (eg, Acrobat and Air). I didn't see Reader listed. When I searched for "pdf file", it seemed to indicate that pdf's were to be opened by Acrobat. I switched this to Adobe Reader 9, and could then open a file that I had been unable to open previously.
I haven't experimented enough to know if this has resolved all my Adobe problems. 3. Often I get an "access denied" msg when I try to delete a file, even if I am on the admin acct. I don't think this is due to malware, though. 4. Sygate Personal Firewall doesn't load promptly -- or at least the user interface doesn't load promptly, though sometimes I think the program is actually running. I often seem to need to start it manually, though it is set to run at startup. (It also will only show the user interface to the user who logs on first, but this is a known issue.) However, this is a program which is no longer being maintained, so I am not that surprised that I am having problems with it. I plan to move to Comodo free firewall. That's all I can think of right now, though I am sure there are other little annoyances that I try to live with or work around. Sorry, I've gotten a bit behind schedule. I will run the scans you requested tomorrow. Thanks!
  20. Ok -- I've run ComboFix. It was a bit unnerving at times. The CF instructions I had printed didn't mention the reboot after the scan. So at first, I was scared to touch the machine to log back into the admin user acct where CF was running. I waited 10 min, then logged in. CF started to run, then paused and alerted me that my AV was running. Well, all my background programs opened! So I closed all. But I had a real dilemma, because the Sygate FW interface wasn't showing. This is a problem I have with Sygate, and is one of the reasons I plan to switch to Comodo. Sygate doesn't always load promptly -- but I think sometimes it is just the user interface that isn't showing, and the program is running in the background anyway. (It doesn't show in Task Manager, even with the interface showing, so I don't know how to check this.) Anyway, I was unsure about clicking ok to the AV alert, and letting ComboFix run even tho the FW might be running or loading. But I was scared to load Sygate and exit it, since CF was saying "don't run any programs". I finally decided to resume CF and hope for the best, and things worked out fine. After CF finished running, I restarted my background anti-malware. WinPatrol alerted me that my default search page for IE had changed from Google to some Microsoft search page. I decided to allow it, and will change it back later. Then WinPatrol alerted me of a change in my HOSTS file, which I also allowed. I am posting the CF log below. Later, I will run RootRepeal and HJT scan. Need a bit of a break now...
  21. Outlook Express problem fixed. Sorry for falsely accusing Dial-a-fix! Will run a (fresh copy) of CF tonight or tomorrow morning. Time for a late dinner!
  22. Ok, it's a FW problem. When I turn off the Avast mail scanner, I can send/receive. I installed an Avast program update earlier today. So then I got a FW msg about the mail scanner. I thought I allowed it, but maybe I hit the wrong button, bec there's an entry in the security log that says user denied change. So I have to figure out how to allow it.
  23. Hi -- Well, before I got to running CF (and I will download a fresh copy when I'm ready to run it), I realized that I can no longer send and receive mail with Outlook Express using my Verizon DSL email acct. I just spent about 40 min on the phone with Verizon, deleting and re-installing the account and all the parameters, but it didn't help. And Verizon assures me that there is no problem with their mail servers. So I think Dial-a-fix screwed up something in Outlook Express, but I have no idea what or how to fix it. I can use the program (compose mail, read mail, move between folders, etc), but I cannot send or receive. Any ideas?
  24. Hi -- I ran Dial-a-fix (without untoward incident, as you predicted). Can't really tell if anything is different... but I'm sure there are probably some improvements. Was about to run CF, but someone here needs the computer (we only have one), so I will run it later today. (By the way, regarding CF, I had misunderstood your earlier instructions to mean that I should install the recovery console FIRST, meaning before running CF. Hence, my Q's about the Windows CD. I will run CF and let it handle the installation of the recovery console.)
  25. Umm... I am trying to run Dial-a-fix, but wasn't sure which boxes to check.