Hijack This - What can I safely delete

[It's a new year!]

Listed below is the log file from Hijack This. What can I safely remove?

Logfile of HijackThis v1.97.7
Scan saved at 9:37:19 PM, on 1/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Home.ORGANIZATION\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network
Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network
Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [Zone Labs Client]
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - User Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet
Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: www.asu.edu
O15 - Trusted Zone: http://mailcenter.comcast.net
O15 - Trusted Zone: www.comcastsupport.com
O15 - Trusted Zone: http://www.dslreports.com
O15 - Trusted Zone: http://cgi.ebay.com
O15 - Trusted Zone: www.frontierairlines.com
O15 - Trusted Zone: http://classic.zone.msn.com
O15 - Trusted Zone: http://www.papajohns.com
O15 - Trusted Zone: http://ssl2.papajohnsonline.com
O15 - Trusted Zone: http://ssl4.papajohnsonline.com
O15 - Trusted Zone: http://login.passport.net
O15 - Trusted Zone: http://www.pizzahut.com
O15 - Trusted Zone: http://www.popcap.com
O15 - Trusted Zone: http://www.southwest.com
O15 - Trusted Zone: http://www.stop-sign.com
O15 - Trusted Zone: http://security.symantec.com
O15 - Trusted Zone: http://securityresponse.symantec.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37994.175162037
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

[Heather]

http://forums.spywareinfo.com/index.php?s=&act=Post&CODE=00&f=11

Post the log to the above website and they will go thru it and tell you
what to remove......that is the one I use and recommend. I see some in
there, but would feel more comfortable letting the experts at the
Spyforum tell you.

Cheers...Heather

Listed below is the log file from Hijack This. What can I safely remove?

Logfile of HijackThis v1.97.7
Scan saved at 9:37:19 PM, on 1/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Home.ORGANIZATION\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network
Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network
Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [Zone Labs Client]
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - User Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet
Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: www.asu.edu
O15 - Trusted Zone: http://mailcenter.comcast.net
O15 - Trusted Zone: www.comcastsupport.com
O15 - Trusted Zone: http://www.dslreports.com
O15 - Trusted Zone: http://cgi.ebay.com
O15 - Trusted Zone: www.frontierairlines.com
O15 - Trusted Zone: http://classic.zone.msn.com
O15 - Trusted Zone: http://www.papajohns.com
O15 - Trusted Zone: http://ssl2.papajohnsonline.com
O15 - Trusted Zone: http://ssl4.papajohnsonline.com
O15 - Trusted Zone: http://login.passport.net
O15 - Trusted Zone: http://www.pizzahut.com
O15 - Trusted Zone: http://www.popcap.com
O15 - Trusted Zone: http://www.southwest.com
O15 - Trusted Zone: http://www.stop-sign.com
O15 - Trusted Zone: http://security.symantec.com
O15 - Trusted Zone: http://securityresponse.symantec.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37994.175162037
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

[It's a new year!]

Thanks for the help

http://forums.spywareinfo.com/index.php?s=&act=Post&CODE=00&f=11

Post the log to the above website and they will go thru it and tell you
what to remove......that is the one I use and recommend. I see some in
there, but would feel more comfortable letting the experts at the
Spyforum tell you.

Cheers...Heather

Listed below is the log file from Hijack This. What can I safely remove?

Logfile of HijackThis v1.97.7
Scan saved at 9:37:19 PM, on 1/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Home.ORGANIZATION\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network
Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network
Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [Zone Labs Client]
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - User Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet
Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: www.asu.edu
O15 - Trusted Zone: http://mailcenter.comcast.net
O15 - Trusted Zone: www.comcastsupport.com
O15 - Trusted Zone: http://www.dslreports.com
O15 - Trusted Zone: http://cgi.ebay.com
O15 - Trusted Zone: www.frontierairlines.com
O15 - Trusted Zone: http://classic.zone.msn.com
O15 - Trusted Zone: http://www.papajohns.com
O15 - Trusted Zone: http://ssl2.papajohnsonline.com
O15 - Trusted Zone: http://ssl4.papajohnsonline.com
O15 - Trusted Zone: http://login.passport.net
O15 - Trusted Zone: http://www.pizzahut.com
O15 - Trusted Zone: http://www.popcap.com
O15 - Trusted Zone: http://www.southwest.com
O15 - Trusted Zone: http://www.stop-sign.com
O15 - Trusted Zone: http://security.symantec.com
O15 - Trusted Zone: http://securityresponse.symantec.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37994.175162037

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

[Heather]

You are welcome. Btw.....browser hijacking is becoming increasingly
common and it is a vague thing at first to recognize. My home page
changed with the first couple......the last one prevented me from
opening IE to get to Spyforum. I keep Hijack This on the desktop as a
just-in-case.

CoolWebSearch is a bitch to keep up with and I will check out Sandy's
Darnit Page to see what links and new info she has added.

Sandi Hardmeier is a Microsoft MVP that I met on alt.comp.virus many
years ago. She has an excellent website on all sorts of malware, but
has been dealing with spyware and hijackers more as of late. I will
include the link below dealing with the hijacking......but there is
loads of stuff to read on her pages......so have a browse and see what's
happening out there. We see a lot of people on the MS news groups that
have one or more of these blasted exploits.

http://www.mvps.org/inetexplorer/Darnit.htm#menu

Cheers.....Heather

 

[Gabriele Neukam]

On that special day, Heather, ([email protected]) said...

browser hijacking is becoming increasingly
common and it is a vague thing at first to recognize. My home page
changed with the first couple......the last one prevented me from
opening IE to get to Spyforum.

Heather, why does that happen to you again and again?

I don't have to worry about homepage hijacks at all - maybe because I am
using Opera?

Why don't you deactive Windows Scripting Host and JScript; it would help
preventing from getting the IE hijacked every other day.

Or maybe switching to Mozilla/Firebird or Opera might help. Both are
immune to these attacks. I don't miss much on the web while browsing
with that exotic thingie from Scandinavia.


Gabriele Neukam

(e-mail address removed)

 

[Heather]

On that special day, Heather, ([email protected]) said...


Heather, why does that happen to you again and again?

Hi Gabby......

To be honest, it has only happened to me once.....from an older, out of
date, genealogy website that had been taken over by the 'bad
guys'......the other times were when my daughter and a soon-to-be
ex-fiance (picture Mum praying here, grin) were on here and I had
lowered my security for them.

And when the first one happened, it was almost a year ago and we didn't
know all that much about them then. But we do now. They are an
annoyance, rather than a problem, once you know what they are.

Or maybe switching to Mozilla/Firebird or Opera might help. Both are
immune to these attacks. I don't miss much on the web while browsing >

with that exotic thingie from Scandinavia.

Perhaps it would, but I happen to prefer IE.....and it usually is immune
to these takeovers with higher security. I have seen people come to the
MS groups who have a problem with Mozilla. Perhaps it is just 'user
error'.

But thanks for the information. I have looked at both Mozilla and
Opera, but never felt the need to switch.

Best.....Heather

 

[Bart Bailey]

I don't have to worry about homepage hijacks at all - maybe because I am
using Opera?

Same here.
I often wonder about folk that are chronically plagued with net trash.
Do you suppose it's a cyber form of Munchausen syndrome?

~~~
"oh no, my computer's ****ed up again,
someone take my hand and walk me out of this mess" ;-)

 

[Bart Bailey]

In
Message-ID:<[email protected]>

To be honest, it has only happened to me once.....from an older, out of
date, genealogy website that had been taken over by the 'bad
guys'......the other times were when my daughter

"it has only happened to me once.....
......the other times were when my daughter"

_once_ doesn't leave any room for _other times_
c'mon, fess up figgs,
how many times have you really been hit with these things? ;-)

 

[optikl]

with that exotic thingie from Scandinavia.

Perhaps it would, but I happen to prefer IE.....and it usually is immune
to these takeovers with higher security. I have seen people come to the
MS groups who have a problem with Mozilla. Perhaps it is just 'user
error'.

But thanks for the information. I have looked at both Mozilla and
Opera, but never felt the need to switch.

If you do decide to look at an alternative, look at Firebird, the
stand-alone Mozilla browser. It's a much better alternative to the
Mozilla bloat suite.

 

[Heather]

In
Message-ID:<[email protected]
om>



"it has only happened to me once.....
.....the other times were when my daughter"

_once_ doesn't leave any room for _other times_
c'mon, fess up figgs,
how many times have you really been hit with these things? ;-)

Me personally?? Once last March when no one knew what they were. And I
forgot....once a couple of weeks ago with the one that wouldn't let me
open IE.

The other two times were when said daughter and the jerk were using this
computer and they got them. They had both complained about the security
being too high, so I lowered it. Mea culpa.

And btw......two days ago, AdAware or Spybot (use them both every day)
warned me of two failed attempts to hijack IE.

Put it down to 'research'....I now recognize most of the symptoms,
grin!!

Figgs

 

[Heather]

Same here.
I often wonder about folk that are chronically plagued with net trash.
Do you suppose it's a cyber form of Munchausen syndrome?

~~~
"oh no, my computer's ****ed up again,
someone take my hand and walk me out of this mess" ;-)

Twit!! No.....I know how to get rid of them all by myself. No
hand-holding needed.

Btw......the latest variants of CoolWebSearch now disable your ability
to reach any sort of antivirus or spyforum website, I am told. So be
careful out there, my children...grin.

XX Figgs

 

[Heather]

Thanks, Optikl.......I might take a look at it. But I am way too
comfortable with IE6 (and too old to like change, grin).

XX Figgs

 

[Gary]

Me personally?? Once last March when no one knew what they were. And I
forgot....once a couple of weeks ago with the one that wouldn't let me
open IE.

The other two times were when said daughter and the jerk were using this
computer and they got them. They had both complained about the security
being too high, so I lowered it. Mea culpa.

And btw......two days ago, AdAware or Spybot (use them both every day)
warned me of two failed attempts to hijack IE.

I also use X Cleaner before shutting down. Two times now it said some
program had changed my default page in IE. It just changes it back for me.
But I never know who done it!

 

[Bart Bailey]

In Message-ID:<[email protected]> posted on Sat, 17 Jan

But I never know who done it!

Maybe let kijackthis have a peek at your config?
http://mjc1.com/mirror/hjt/

 

[Bart Bailey]

In
Message-ID:<[email protected]>

I know how to get rid of them all by myself.

Practice makes perfect, huh?
Do you think you'll ever get past the damage control regimen, and get to
the stage where they don't even make it onto your system? ;-)

 

[Heather]

In
Message-ID:<[email protected]
om>


Practice makes perfect, huh?
Do you think you'll ever get past the damage control regimen, and get

to the stage where they don't even make it onto your system? ;-)

OK Bartman......you got me there. ) SMACK!! Just added
MRU-Blaster and Spyware Blaster recently. And studying the stuff in the
Registry Cleaners.....lessons??

I will have to get up to snuff, as the saying goes......not quite the
same 'snuff' as you use, though. (VBG).

XX Figgs

 

[Bart Bailey]

In
Message-ID:<[email protected]>

lessons??

http://www.claymania.com/safe-hex.html

 

[Heather]

In
Message-ID:<[email protected]
om>

http://www.claymania.com/safe-hex.html

You ditz!! I meant lessons on the Registry stuff......not safe hex.

Figgs

 

[Bart Bailey]

In
Message-ID:<[email protected]>

You ditz!! I meant lessons on the Registry stuff......not safe hex.

Ditz?
I'm not the one with all the issues, and none of the solutions.

http://www.systweak.com/winreg/winreg.htm

 

[Fergie]

In
Message-ID:<[email protected]
om>


Ditz?
I'm not the one with all the issues, and none of the solutions.

http://www.systweak.com/winreg/winreg.htm

Super......that looks like the perfect place to start.......thanks,
Bart. I hesitate to touch much of anything in there until I understand
it better.

I take back the 'Ditz"......grin. Make that "Sir Ditz", ok??

XX Figgs