[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows sign in screen

Posted on 2005-04-29
39
Medium Priority
?
576 Views
Last Modified: 2013-12-11
Good Evening, I have been away from my computer for a couple of weeks and find on my windows sign on screen (something I have because I don't know how to delete this), there is a name which is not mine. Before going away I had been hacked a few times and apparently they have been successful. Please let me know how I can get rid of this, what I need to do. Thank you for your kindess.
0
Comment
Question by:Ruthee
  • 14
  • 14
  • 9
37 Comments
 
LVL 29

Expert Comment

by:blue_zee
ID: 13898963

Search for files with the extension *.PWL and rename them *.OLD.

Reboot and when presented with the logon screen DON'T type anything, just press enter.

See if that solves the problem.

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13898969

After solving that problem:

First of all, download NOW this Winsock fix (FREE):
http://downloads.subratam.org/WinsockFix.zip
If you lose internet access after the cleanup, run this tool.

After that, download the fully functional trial version of Spy Sweeper:
http://www.webroot.com/downloads/?WRSID=595f27d74dd2795a56af83b763c321e1
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').

Download Ad-Aware (FREE) from here:
http://lavasoft.element5.com/support/download/
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').

Also excellent is SpyBot Search & Destroy (FREE) available here:
http://www.spychecker.com/download/download_spybot.html
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').
You should also apply the 'immunize' function, since it blocks roughly 1900 known 'bad' runs/apis/apps.

Even if Ad-Aware and SpyBot S&D are similar, they do clean different things. You should have both of them and use REGULARLY.

You can also install 'preventive' software that will help you control these nasties:

SpywareBlaster (FREE):
http://www.javacoolsoftware.com/spywareblaster.html
Prevents the installation of Active-X based spyware, malware, dialers, etc
Currently protects you against 3500+ nasties.
Advantage: no system resources used!!!
Just download, install and UPDATE.

All of them extremely useful but you must keep them UPDATED.

Suggestion: Make sure you can see all files and folders and run Ad-aware and Spybot S&D in Safe Mode.

Zee
0
 

Author Comment

by:Ruthee
ID: 13900456
Zee, How do I go about finding the .PWL extension files, and how do I go about changing them to .OLD?

Thanks, Ruth
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:Ruthee
ID: 13900499
Zee, Did as you suggested and found .PWL files, four of them, and changed them to .OLD as you suggested. I rebooted and the name was still on the sign on screen so will go further as you suggested. Ruthee
0
 

Author Comment

by:Ruthee
ID: 13902569
Zee, Things were getting worse so I used the recovery program and it took me back to Wednesday, 4/27/05. When I wanted to go anywhere on the internet I was re-directed to Zone Alarm. I had cancelled this program because it seemed to cause more problems than helping. To get back to you I needed to use the recovery program. I will see what will happen next and get back to y ou. As usual, you are the greatest. Ruthee
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 13903647
If your problems still exist after following Zee's suggestions, you could see if you have a BHO.
What are BHOs ?     Description here:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebgen/html/bho.asp       

To download BHODemon, which would disable the BHOs:
http://www.spywareinfo.com/downloads/bhod/

Quote:
Think of BHODemon as a guardian for your Internet browser:  It protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually.  For BHO detection this program is highly recommended.
Unquote:

Alternate site to download BHODemon (if needed):
http://www.definitivesolutions.com/files/BHODemon10Setup.exe

If then you STILL have a problem, you could try "HighjackThis" which has the ability to identify and remove any obstinate hijackware/spyware.  If this finally proves necessary, post back first with your findings, and we can give you the
appropriate details to download and use HighjackThis.

Jonvee.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 13913734
Ruthee,
Have you been able to fix your problem using any of the comments above, or have other difficulties arisen ?
If perhaps you require something explained in a different way, please ask.
0
 

Author Comment

by:Ruthee
ID: 13917856
Jonvee and Zee,

I am slowly losing my mind. Now the sign in screen doesn't even exist as it always downloaded when I started the computer. Another problem was with Zone Alarm where they would not allowme to access the internet. I tried to print the instructions on what to do and the program stopped me from printing these instructions. I feel crazy. I don't know what to do. What happened to the windows sign in screen. Somebody obviously is playing with my computer and I just don't know what to do. I thank both of you for your kindness and patience in attempting to help me. I had downloaded that BHO program and it wouldn't allow me to use internet explore browser - this confuses me so i got rid of that. Please tell me what to do with that "Hijack" program. I want you to know that I really appreciate your help. Ruth
0
 
LVL 27

Assisted Solution

by:Jonvee
Jonvee earned 500 total points
ID: 13918027
Instructions for using HighjackThis:
First create a folder where you would like the HijackThis file to reside, and run it from there, not from the Desktop or a temp folder.  It is important that you download this file to its OWN folder as this folder will be used when HijackThis makes backups. Temp folders get deleted, taking with them HJT's 'backups' of items that were 'fixed'.

HighjackThis can be a little awkward to use, but you can take your time and hopefully the following instructions will
help.  They only LOOK excessive because i have added so much detail in an attempt to explain as much as possible.
But, please do NOT click the HighjackThis button named  "FIX", until we have hopefully established what the problem is.
If it gets confusing part way through the process, don't worry, you can just 'close' HJT and complete.

Download the latest version of HighjackThis ( v1.99.0 ) from here:
                                   http://www.majorgeeks.com/download3155.html

If you have previously run and fixed anything with Spybot Search and Destroy or AdAware, please reboot before scanning with HJT.   Concise instructions explain how to use it.         Click the "Do a system scan and save a logfile" button.
You will have created a file named hijackthis.log .  Save it in a permanent folder such as 'My Documents'.

Now access this next link on the internet, and you'll see a text 'window' (we'll return to this in a moment):
                                  http://www.hijackthis.de/
Alternative site >>     http://www.hijackthis.de/index.php?langselect=english

Look at your 'HijackThis' text (LOG), which you may have written in 'Notepad' or 'Wordpad'.
Then on the toolbar at the top, select 'Edit'.
From the 'dropdown menu' click 'Select all' which HIGHLIGHTS your text(LOG).
Hover the mouse 'prompt' over the highlighted text.
Right click. Select 'copy'.
Then paste the results in the 'window' mentioned above, to have them automatically analysed within seconds.

Paste your logfile in this box, like this:
Right click your mouse when hovering over this textbox, and select 'Paste'.
Then select 'analyse', and then select 'Save analyse'.
A new page will open.  Paste the ADDRESS of that page in your next post to us, NOT the log, so that we may
view(as you can) your HighjackThis log that will now have a number of recommendations, with items colored in green(safe), yellow(possibly nasty or unknown), and red(nasty .. or words to that effect).
From here we can confirm what items to remove, if any.     Please ask, if in doubt.
Jonvee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13918137

Ruthee,

I believe the disappeared login was a resulte of deleting the *.PWL files.

That is normal!

Can you access the internet with your browser (IE or Forefox)? Or are you posting from a different computer?

Why do you say Zone Alarma doesn't allow you to access the internet?

Have you tried closing Zone Alarm? Do you access internet after that?

If your answer is yes, uninstall Zone Alarm, reboot and reinstall.

See if that solves the problem, because you DO need Zone Alarm running in your PC.

How up to date are you with your virus scanning?

And for spyware and malware (Ad-Aware, Spybot)? Are definitions current?

Looking forward to your comments.

Zee
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 13918179
One way of creating a folder, in case you need reminding  :)

My computer > Explore > click "Local Disk (D)" preferably.  
If your HD has only a C: Drive, no problem, just click "Local Disk (C)" instead.

At the top of the window select "File", then hover over "New", then click "Folder".  
Of several ways of creating a new folder, this is just one of them.  You can name it anything you like,
perhaps "HJT" will be most suitable.  It's here that you can download the HighjackThis program,
when asked.  
You can name it as D:\HJT          [or    C:\HJT       ]
Hope this makes sense.
0
 

Author Comment

by:Ruthee
ID: 13918359
This is my second try to write to Zee. The other one just froze and wouldn't go anywhere. I still have the name on the sign on screen. Also, Zone Alarm wouldn't let me access the internet. They gave instructions but couldn't print them for some reason. My virus program was run two days ago and was fine.
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13918396

Let's try from start again:
;-)

First of all, download NOW this Winsock fix (FREE):
http://downloads.subratam.org/WinsockFix.zip
If you lose internet access after the cleanup, run this tool.

After that, download the fully functional trial version of Spy Sweeper:
http://www.webroot.com/downloads/?WRSID=595f27d74dd2795a56af83b763c321e1
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').

Download Ad-Aware (FREE) from here:
http://lavasoft.element5.com/support/download/
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').

Also excellent is SpyBot Search & Destroy (FREE) available here:
http://www.spychecker.com/download/download_spybot.html
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').
You should also apply the 'immunize' function, since it blocks roughly 1900 known 'bad' runs/apis/apps.

Even if Ad-Aware and SpyBot S&D are similar, they do clean different things. You should have both of them and use REGULARLY.

You can also install 'preventive' software that will help you control these nasties:

SpywareBlaster (FREE):
http://www.javacoolsoftware.com/spywareblaster.html
Prevents the installation of Active-X based spyware, malware, dialers, etc
Currently protects you against 3500+ nasties.
Advantage: no system resources used!!!
Just download, install and UPDATE.

All of them extremely useful but you must keep them UPDATED.

Suggestion: Make sure you can see all files and folders and run Ad-aware and Spybot S&D in Safe Mode.

Zee

0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13918401
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 13919580
Ruthee,
You stated earlier >>             "My virus program was run two days ago and was fine"

Ok, but it's always good policy to run two or three virus scanners particularly when you have a problem,
for example those excellent online, free ones that Zee has listed.  Reason for this is that often one scanner will find something that a second scanner misses!  Use two or three of them at least, and you'll gain the advantages of them all.
0
 

Author Comment

by:Ruthee
ID: 13950483
Zee and Jonvee,

First, thank you both for your help. Second, I was going through the system.ini and found under password list the following: Default=C:\windows\default.pwl, HPauthorized custom-c:\windows\.hp, and then the name that was on the password list: Ruthie7154087. I unchecked this. Did I do the right thing. As you see by using the name "Ruthie" it seems to me that this is targeted directly to me, that someone who apparently knows me is doing this. I know no other person who has been having the problems that I have been having with my password to aol hijacked and then changed and then hijacked. What do you think? Again, thanks to you both. Ruthee
0
 

Author Comment

by:Ruthee
ID: 13950708
Hi again. I have traced this through zone alarm by their isp number. this must be the person who is hacking me. ruth

WHOIS results for 172.130.0.0
Generated by www.DNSstuff.com
Location: United States [City: Sterling, Virginia]

NOTE: More information appears to be available at AOL-NOC-ARIN.


OrgName:    America Online
OrgID:      AOL
Address:    22000 AOL Way
City:       Dulles
StateProv:  VA
PostalCode: 20166
Country:    US

NetRange:   172.128.0.0 - 172.191.255.255
CIDR:       172.128.0.0/10
NetName:    AOL-172BLK
NetHandle:  NET-172-128-0-0-1
Parent:     NET-172-0-0-0-0
NetType:    Direct Allocation
NameServer: DAHA-01.NS.AOL.COM
NameServer: DAHA-02.NS.AOL.COM
NameServer: DAHA-07.NS.AOL.COM
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:    2000-03-24
Updated:    2003-08-08

TechHandle: AOL-NOC-ARIN
TechName:   America Online, Inc.
TechPhone:  +1-703-265-4670
TechEmail:  *******@aol.net

OrgAbuseHandle: AOL382-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-703-265-4670
OrgAbuseEmail:  *****@aol.net

OrgNOCHandle: AOL236-ARIN
OrgNOCName:   NOC
OrgNOCPhone:  +1-703-265-4670
OrgNOCEmail:  ***@aol.net

OrgTechHandle: AOL-NOC-ARIN
OrgTechName:   America Online, Inc.
OrgTechPhone:  +1-703-265-4670
OrgTechEmail:  *******@aol.net

# ARIN WHOIS database, last updated 2005-05-06 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

[If E-mail address(es) were hidden on this page, you can click here to get the results with the E-mail address.



--------------------------------------------------------------------------------

(C) Copyright 2000-2005 R. Scott Perry
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13950756

Have you updated Zone Alarm recently?

Check This way: double-click the ZA icon on the taskbar, click Overview, Preferences tab, click the Check for Update button and update if necessary.

In ZA ckeck also Firewall, Main tab. Are the sliders set to High in Internet Zone Security and Trusted Zone Security? If not, set them at High level.

After this it will not be easy (or even common) for someone to hijack your PC. And a home user  is not a common target for hackers.

On this topic, are you doing any banking with your PC? Shopping on the internet and paying with Credit Card?

That WHOIS scan doesn't help.

Zee
0
 

Author Comment

by:Ruthee
ID: 13959796
Jonvee,

I used the Hijack This program and this was the address of the browser: http://www.hijackthis.de/index.pbp#anl. I hope this is what you were looking for, if not I copies their solutions and will await for your answer. I can send the solutions on to you. Thanks again. Ruth
0
 

Author Comment

by:Ruthee
ID: 13960632
Jon Vee

I think this is the address you want:

http:/ww.hijackthis.de/logfiles/60f616d6974527a5b981dc743178fb40.html  Ruthee.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 13960658
Ruthee
When i click on the page that you sent i'm getting " The page cannot be found".
Yet the address you gave appears correct >>      http://www.hijackthis.de/index.pbp#anl

Did you initially see this next address, with the heading "HijackThis log file analysis",  i'm guessing that you did ?
http://www.hijackthis.de/

If so, that seems fine.   But could it be that you had this heading, prior to completion >>   "Warning: Page has Expired"  ??
If so that would explain things, the 'HighjackThis reply' didn't wait long enough for you to extract the details!  
No problem, but maybe you could just recheck please, and resend that address of your analysis to us once more.

Have to log off for a while, but will look out for your reply upon my return.   You seem to be almost there  ;-)
Thanks.    Jonvee.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 13960694

Same problem with this one, Ruth  >>        http:/ww.hijackthis.de/logfiles/60f616d6974527a5b981dc743178fb40.html
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 13960833
If you continue having problems Ruth, there is an alternative and we can still do it.  The Moderator(s) probably won't mind on this one occasion if you send the whole page of your HighjackThis analysis to us.  It shows the green, yellow,
and (maybe)red markers, with advice on how to proceed(It's just that it clutters up this thread(problem)).  
 
Preferably try the original method first, but if still no good, send the LOG as just described.     Thanks.
Jonvee.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 13963678
Ruth
Some additional 'pasting' instructions, should you decide that you have to send the whole page of your HighjackThis 'analysis' to us:

Display your Notepad with the HijackThis (LOG) 'analysis' text.
Select 'Edit' on toolbar.
From the dropdown menu, click 'Select all' which highlights your text.
Hover the mouse 'prompt' over the highlighted text.
Right click. Select 'copy'.

Having previously opened the Experts Exchange 'comments box' to us,
right click your mouse when hovering over 'comments' box, and select 'Paste'.  That should do it.
0
 

Author Comment

by:Ruthee
ID: 13967739
Jonvee

I did send you the results yesterday but see tht it isn't pasted here. I tried again this morning and the analysis page's address is http://www.hijackthisde/index.php#anl, same as before. I will try to send the results again to you. Thanks for all your trouble. Ruth
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 13968432
Took another look at HighjackThis.  Apologies Ruth, but the operating procedure appears to have changed recently.  
Perhaps if you note the 'Tip' on the analysis page which says ...

            "Copy the LINK at the bottom of the page (save analysis) and paste it in your post".  (possibly you did?)
i tried this and it worked perfectly!  Maybe you'd like another shot at sending this address.

Alternative analysis site, but the results are the same:
http://www.hijackthis.de/index.php?langselect=english
0
 

Author Comment

by:Ruthee
ID: 13977900
I trust this will help:



HijackThis log file analysis
HijackThis is a program used by experienced users in order to detect browser hijackers. It allows you to identify any sort of spyware and malware (as well as some trojan horses and worms). This is achieved by scanning special zones of the registry as well as the hard disk drive, the results being listed in a structured window. Another feature of HijackThis is the creation of a log file, which can be saved as a simple text file and opened by any text editor (notepad as default). Until now, inexperienced users, who could not analyze the log file by themselves, had no other choice than posting it in a specialized forum and to hope that a more experienced user takes some time to analyze it. The script presented on this page is a way to analyze your log without help from the outside: simply copy/paste the content of the log file in the textbox below and hit the analyze button. HijackThis is free and does not need to be installed. It can be downloaded here:
Because of a few misunderstandings I advert, that I only develop this online analysis and not the tool HijackThis.
To the authors homepage | Direct download | [mirror]
Languages: Deutsch - French - English - Italian - Czech

If you have a question concerning the analysis, you can post it in one of these forums:
HijackThis.de Supportforum Deutsch | English
HijackThis.de Chat chat.hijackthis.de
(irc.quakenet.org #hijackthis)
Forospyware.com (Spanish) www.forospyware.com 

Tip: Copy the link at the bottom of the page (save analysis) and paste it in your post


 You can paste a logfile in this textbox
   
or you can choose a logfile from your computer
 
 
  Entry   Kind
(Safe, Nasty, Unknown)     Description     Tip
  Help us to keep this free service online! Please give us a small donation via PayPal.    
  Entry   Kind
(Safe, Nasty, Unknown)      Description     Tip
  Logfile of HijackThis v1.99.1  
Safe.   Shows the version of HijackThis an. The newest version is: v1.99.1!   This should be the newest version. (v1.99.1)
  Platform: Windows ME (Win9x 4.90.3000)          
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)  
Safe.   Shows the version of your Internet Explorer. Newest Version is: 6.00.2800.1106!   This should be the newest version. (6.00.2800.1106)
  C:\WINDOWS\SYSTEM\MSGSRV32.EXE  
Safe.   running process. (MSGSRV32.EXE)
Systemprozess - Windows Message Server  
 
  C:\WINDOWS\SYSTEM\MPREXE.EXE  
Safe.   running process. (MPREXE.EXE)
Systemprozess - Erlaubt mehr als einen Netzwerkclienten und 95, 98 oder ME einzurichten.  
 
  C:\WINDOWS\SYSTEM\SSDPSRV.EXE  
Safe.   running process. (SSDPSRV.EXE)
   
 
  C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE  
Safe.   running process. (MCVSRTE.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\programme\mcafee.com\vso\! Check if you know this process and arrange a viruscheck where required.
  C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE  
Safe.   running process. (VSMON.EXE)
ZoneAlarm Firewall  
 
  C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE  
Safe.   running process. (ISAFE.EXE)
Bestandteil von eTrus Antivirus  
 
  C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE  
Safe.   running process. (AOLACSD.EXE)
Part of AOL  
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\aol\acs! Check if you know this process and arrange a viruscheck where required.
  C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE  
Safe.   running process. (STMGR.EXE)
Systemwiederherstellung unter Windows ME  
 
  C:\WINDOWS\EXPLORER.EXE  
Safe.   running process. (EXPLORER.EXE)
Systemprozess für Desktop und Taskleiste.  
 
  C:\WINDOWS\SYSTEM\SYSTRAY.EXE  
Safe.   running process. (SYSTRAY.EXE)
Systemprozess - Background application that runs the Windows system tray, which provides space to display the clock time and icons installed by other applications.  
 
  C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE  
Safe.   running process. (MMKEYBD.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\programme\netropa\multimedia keyboard\! Check if you know this process and arrange a viruscheck where required.
  C:\WINDOWS\SYSTEM\HPSYSDRV.EXE  
Safe.   running process. (HPSYSDRV.EXE)
   
 
  C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE  
Safe.   running process. (KEYBDMGR.EXE)
   
 
  C:\WINDOWS\SYSTEM\QTTASK.EXE  
Safe.   running process. (QTTASK.EXE)
Part of QuickTime  
Possibly nasty! According to our database this process runs normally in c:\programme\quicktime\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE  
Safe.   running process. (OSD.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\programme\netropa\onscreen display\! Check if you know this process and arrange a viruscheck where required.
  C:\WINDOWS\SYSTEM\WMIEXE.EXE  
Safe.   running process. (WMIEXE.EXE)
Systemprozess - Application that gives a standard method of accessing system information, performance information, event monitors, and application monitors. The application works as a transparent task.  
 
  C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE  
Safe.   running process. (MCVSSHLD.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\programme\mcafee.com\vso\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE  
Safe.   running process. (MCVSESCN.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\progra~1\mcafee.com\vso! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE  
Safe.   running process. (MCAGENT.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\programme\mcafee.com\agent\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE  
Safe.   running process. (PPCONTROL.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\programme\pestpatrol\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE  
Safe.   running process. (PPMEMCHECK.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\programme\pestpatrol\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE  
Safe.   running process. (COOKIEPATROL.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\programme\pestpatrol\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE  
Safe.   running process. (INCD.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\programme\ahead\incd\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE  
Safe.   running process. (ZLCLIENT.EXE)
Zone Alarm  
Possibly nasty! According to our database this process runs normally in c:\programme\zone labs\zonealarm\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE  
Safe.   running process. (MMUSBKB2.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\programme\netropa\multimedia keyboard\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE  
Safe.   running process. (AOLDIAL.EXE)
Part of AOL  
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\aol\acs\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\AMERICA ONLINE 9.0C\AOLTRAY.EXE  
Safe.   running process. (AOLTRAY.EXE)
AOL Trayicon   Not dangerous, but unnecessary.
Possibly nasty! According to our database this process runs normally in c:\programme\aol 9.0\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE  
Safe.   running process. (HPOTDD01.EXE)
Part of Hewlett Packard  
Possibly nasty! According to our database this process runs normally in c:\programme\hewlett-packard\digital imaging\b\! Check if you know this process and arrange a viruscheck where required.
  C:\WINDOWS\SYSTEM\SPOOL32.EXE  
Safe.   running process. (SPOOL32.EXE)
Systemprozess - Application that handles the spooling of print jobs transparently. It works only when the user configures the printer to spool print jobs.  
 
  C:\WINDOWS\SYSTEM\MSTASK.EXE  
Safe.   running process. (MSTASK.EXE)
Gehört zu den Windows Powertoys von MS.  
Possibly nasty! According to our database this process runs normally in c:\windows\system32\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\ZONE LABS\ZONEALARM\MAILFRONTIER\MANTISPM.EXE  
Unknown   running process. (MANTISPM.EXE)
MailFrontier_Desktop (Matador) email spam blocker software    This is a unknown process.
 
  C:\WINDOWS\SYSTEM\STIMON.EXE  
Safe.   running process. (STIMON.EXE)
Systemprozess - Application that provides one-touch scanning for a scanner. The application is automatically started through registry settings.  
 
  C:\WINDOWS\SYSTEM\TAPISRV.EXE  
Safe.   running process. (TAPISRV.EXE)
Systemprozess - Background service that provides Windows Telephony (TAPI) Support in Windows 98 and Windows NT 4.  
 
  C:\WINDOWS\WUAUCLT.EXE  
Safe.   running process. (WUAUCLT.EXE)
Windows Update AutoUpdate Client  
Possibly nasty! According to our database this process runs normally in c:\windows\system32\! Check if you know this process and arrange a viruscheck where required.
  C:\WINDOWS\SYSTEM\DDHELP.EXE  
Safe.   running process. (DDHELP.EXE)
Direct Draw Helper, DirectX  
 
  C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE  
Safe.   running process. (WINMGMT.EXE)
   
Possibly nasty! According to our database this process runs normally in c:\windows\system32\wbem\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE  
Safe.   running process. (IEXPLORE.EXE)
Internet Explorer - Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)  
Possibly nasty! According to our database this process runs normally in c:\programme\internet explorer\! Check if you know this process and arrange a viruscheck where required.
  C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE  
Safe.   running process. (IEXPLORE.EXE)
Internet Explorer - Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)  
Possibly nasty! According to our database this process runs normally in c:\programme\internet explorer\! Check if you know this process and arrange a viruscheck where required.
  C:\WINDOWS\TEMP\TD_0011.DIR\HIJACKTHIS.EXE  
Safe.   running process. (HIJACKTHIS.EXE)
Tool, mit dem sie dieses Logfile erzeugt haben.   Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
  O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL  
Safe.   Entries found in this registry zone are potentially nasty. This application ([02478D38-C3F9-4efb-9B51-7695ECA05670] - Result: 02478D38-C3F9-4efb-9B51-7695ECA05670) has been checked. Hit rate: 99 %    
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL  
Safe.   Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 99 %    
  O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL  
Nasty   Entries found in this registry zone are potentially nasty. This application ([C298FB42-E3E2-11D3-ADCD-0050DAC24E8F] - Result: C298fb42-e3e2-11d3-adcd-0050dac24e8f) has been checked. Hit rate: 60 %   Must be fixed!
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL  
Safe.   Entries found in this registry zone are potentially nasty. This application ([BA52B914-B692-46c4-B683-905236F6F655] - Result: BA52B914-B692-46c4-B683-905236F6F655) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %    
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX  
Safe.   Entries found in this registry zone are potentially nasty. This application ([8E718888-423F-11D2-876E-00A0C9082467] - Result: 8E718888-423F-11D2-876E-00A0C9082467) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %    
  O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL  
Safe.   Entries found in this registry zone are potentially nasty. This application ([EF99BD32-C1FB-11D2-892F-0090271D4F88] - Result: EF99BD32-C1FB-11D2-892F-0090271D4F88) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %    
  O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL (file missing)  
Unnecessarily   Entries found in this registry zone are potentially nasty. This application ([4982D40A-C53B-4615-B15B-B5B5E98D167C] - Result: 4982D40A-C53B-4615-B15B-B5B5E98D167C) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %  
Unnecessary (deactivated) entry that can be fixed.
  O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL  
Nasty   Entries found in this registry zone are potentially nasty. This application ([CA0B9B71-C2AF-11D3-B376-0800460222F0] - Result: CA0B9B71-C2AF-11D3-B376-0800460222F0) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %   Must be fixed!
  O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun  
Safe.  
Hit rate: 94 % (result)    
  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe  
Safe.   SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they re available via Start -> Settings -> Control Panel
Hit rate: 99 % (result)    
  O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe  
Safe.   Multimedia keyboard manager. Required if you use the additional keys. Can also be listed as MULTIMEDIA KEYBOARD
Hit rate: 99 % (result)    
  O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe  
Unknown  
Hit rate: 5 % (result)   Unknown application.
  O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe  
Safe.   Hewlett-Packard
Hit rate: 99 % (result)    
  O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime  
Safe.   QuickTime
Hit rate: 54 % (result)   Not dangerous, but unnecessary.
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask  
Safe.   McAfee
Hit rate: 53 % (result)    
  O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"  
Safe.   McAfee VirusScan On-line. See also McAgentExe
Hit rate: 99 % (result)    
  O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe  
Safe.   From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if youre running Windows XP). If you dont see the agent icon, VirusScan Online may not be installed
Hit rate: 94 % (result)    
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE  
Safe.   From McAfee VirusScan On-line. Automatically updates your virus definitions. Leave enabled unless you regularly update these definitions
Hit rate: 48 % (result)    
  O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe  
Safe.   PestPatrol Control Terminal - launches PestPatrol features such as PPMemCheck and CookiePatrol
Hit rate: 99 % (result)    
  O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe  
Safe.  
Hit rate: 99 % (result)    
  O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe  
Safe.  
Hit rate: 99 % (result)    
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe  
Safe.  
Hit rate: 99 % (result)    
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"  
Safe.   Firewall program from Zonelabs. Pro version inlcudes other online security options
Hit rate: 85 % (result)    
  O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s  
Safe.   This is a "scheduler" and does not turn off PC Health. For more information refer here
Hit rate: 80 % (result)   Not dangerous, but unnecessary.
  O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe  
Safe.  
Hit rate: 99 % (result)    
  O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe  
Safe.   Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play
Hit rate: 99 % (result)   Not dangerous, but unnecessary.
  O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe  
Safe.   Windows ME default for System Restore. Do NOT disable!
Hit rate: 90 % (result)    
  O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding  
Safe.   Part of McAfee's SecurityCenter. Must remain checked but one user reports Windows glitches with no response from McAfee as to why
Hit rate: 99 % (result)    
  O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service  
Safe.  
Hit rate: 99 % (result)    
  O4 - HKLM\..\RunServices: [CAISafe] C:\WINDOWS\SYSTEM\ZoneLabs\isafe.exe  
Safe.   Part of Computer Associates eTrust EZAntivirus
Hit rate: 99 % (result)    
  O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"  
Safe.   AOLacsd.exe is a part of the AOL Internet Software and relates to the connection driver, essential to Internet connection. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems
Hit rate: 99 % (result)    
  O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe  
Safe.   Puts AOL icon in System Tray (*.* denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs
Hit rate: 92 % (result)   Not dangerous, but unnecessary.
  O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe  
Unknown  
Hit rate: 9 % (result)   Unknown application.
  O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML  
Nasty   The entry &AOL Toolbar search has been identified as nasty.    
  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm  
Safe.   The entry Related has been identified as safe.   If the entry 'Related ' is not needed anymore, it should be fixed.
  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm  
Safe.   The entry Show &Related Links has been identified as safe.   If the entry 'Show &Related Links ' is not needed anymore, it should be fixed.
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE  
Safe.   The entry Messenger has been identified as safe.   If the entry 'Messenger ' is not needed anymore, it should be fixed.
  O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE  
Safe.   The entry MSN Messenger Service has been identified as safe.   If the entry 'MSN Messenger Service ' is not needed anymore, it should be fixed.
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll  
Safe.   The entry Real.com has been identified as safe.   If the entry 'Real.com ' is not needed anymore, it should be fixed.
  O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL (file missing)  
Unnecessarily   The entry AOL Toolbar has been identified as safe.   If the entry 'AOL Toolbar ' is not needed anymore, it should be fixed.
Unnecessary (deactivated) entry that can be fixed.
  O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL (file missing)  
Unnecessarily   The entry AOL Toolbar has been identified as safe.   If the entry 'AOL Toolbar ' is not needed anymore, it should be fixed.
Unnecessary (deactivated) entry that can be fixed.
  O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com  
Possibly nasty   This entry should be fixed if this address does not belong to your PC-manufacturer or your 'Internet-Service-Provider (ISP)'.   This entry should be fixed if 'http://hp.my.yahoo.com' is not your PC-manufacturer or your 'Internet-Service-Provider (ISP)'.
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab   
Safe.   This entry has been identified as safe.    
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab   
Safe.   This entry has been identified as safe.    
  O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1441/ftp.coupons.com/v3123/cpbrkpie.cab   
Nasty   This entry is possibly nasty.   Should be fixed.
  O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab   
Possibly nasty   Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!   Check if you know this site and fix it if you do not.
  O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.2.25/worldclass/worldclass-ob-assets.cab   
Possibly nasty   Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!   Check if you know this site and fix it if you do not.
  O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab   
Safe.   This entry has been identified as safe.    
  O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB   
Safe.   This entry has been identified as safe.    
  4
Save analysis | Short analysis
(NOTICE: Your analysis will only be saved for 3 days.)
You should save this file on your hard disk drive. (right click -> save target as)  


Use these tips at your own risk!

Copyright © 2004 - 2005 by Mathias Mattner | Contact| File Database | Malwareupload.com
0
 
LVL 29

Accepted Solution

by:
blue_zee earned 500 total points
ID: 13978191

Ruthee,

That log is a bit messy, but start here:

Create a new folder called C:\HJT and move the HJT file to that folder, and run it from there.

Placing and running froma temp folder or desktop will not save the backups and you may need restoring an erroneous fix.

Now close all windows of your browser, run HJT, and select (tick) these to be fixed:

O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\PROGRAM FILES\IWON\IWONBAR\2.BIN\IWONBAR.DLL
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1441/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab

Now click Fix Checked. Close HJT and restart in Safe Mode.

Now delete this folder and its contents:

C:\PROGRAM FILES\IWON\

Restart again in Safe Mode and run Ad-Aware and Spybot S&D.

Restart in Normal mode after that.

See if that solved the problem or if you still have some residues.

Good luck,

Zee

0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13978262

This tool will be useful to avoid similar problems in the future:

http://www.winpatrol.com/winpatrol.html

WinPatrol will alert you for changes in the system and will allow immediate "undos".

Zee
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 13988680
Ruth
Have you been able to make any significant progress?    Were you able to create a new folder called C:\HJT  as we suggested, or perhaps more important, can you move your 'HighjackThis' program across to this C:\HJT folder ?
[If you have real difficulties, it may be quicker to download HighjackThis again, directly into a created folder
named C:\HJT         (details above on 05/03) ].
If you're not finding it straightforward, this next article may assist though not all the comments may be applicable:
http://www.tomcoyote.org/hjt/?

By the way, there's no problem with that long HJT analysis list of yours, we can ask a Moderator later to delete it when we
have finished using it.

Incidently had you updated Zone Alarm (as suggested by Zee, he has a good point there)?   Zone Alarm is found to
be a good Firewall, it's very stable.

Removing(fixing) those few items listed above may well cure your problem, you may be nearly there!
Please post back if or when you require further assistance.
Jonvee
0
 

Author Comment

by:Ruthee
ID: 13991108
Zee and Jonvee

I haven't been feeling well today but will attempt your solutions when I am feeling better. Again I thank both of you for your patience and kidness. I will get back to you.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 13991172
Ruth
We're pleased to help.   Hope you're well again soon!
Jonvee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13991176

Ruthee,

No need to thank us.

Just get well soon.

That's what matters now.

All the best,

Zee
0
 

Author Comment

by:Ruthee
ID: 14140278
Lee, This is Ruthee. I think you should award the points as my computer is running fine at the present time due to your input. Thanks you again. Ruth
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 14142379
Thanks Lee, that was very fair!

Ruthee:   Thanks, glad your computer is running well again.  

Jonvee
0
 

Author Comment

by:Ruthee
ID: 14143723
Jonvee, I hope I didn't slight you, I appreciate your help. You guys are great. Thanks again. Ruthee
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 14147815
Ruth:    No problem!   Just pleased to be able to help you.   Good luck.

Jonvee
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this modest contribution, I want to share with the IT community (especially system administrators, IT Support Engineers and IT Help Desks) about Windows crashes/hangs and how to deal with these particular problems.
It is a real story and is one of my scariest tech experiences. Most users think that IT experts like us know how to fix all computer problems. However, if there is a time constraint and you MUST not fail the task or you will lose your job, a simple …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question