
Author Topic: Att: CH Authorized Malware Removal Specialists - details and all logs included  (Read 10936 times)


Skeye

  • Guest
I, in true newbie fashion, posted this to the incorrect forum (Windows), so here is the breakdown from a couple threads:

OS: XP Home
version '02 SP3

Compaq Presario
AMD Athlon XP 2600+
2.13 GHz, 224 MB RAM

Browser: Firefox latest version

Windows security setting on High.

Skill level: I am a computer 'user', not a programmer or thoroughly understanding of a computer's ins and outs. No DOS experience really. So moderate navigational ability.


After my system BSOD'd, a friend lent me his system he has had in storage for awhile. He apparently maxed most of his hard drive memory space with music programs and files mostly. It had been operating between just under a 100 MB at times (I know, this is dangerous) to just above 400. When it was around 200 I consulted with my friend on what programs I could possibly remove to free up space. We removed what should have been about 200 to 300 MB, but when I looked there was just over 300 MB.

Well, it was operating okay and staying above 300(I clear the cache and temporary files after every internet session), but then there was a small Windows security update(regarding 'remote access' threat) and shortly after that I noticed it was up over 600 MB!

Yesterday, it took a long time for the system to start up and for the user profile to get started as well, then my Windows firewall alerts me it was inactive. AVG has had the email scanner mysteriously disabled a couple times recently, but 'righted themselves'. One time about 4 of the AVG scanners were inoperative, but I restarted and it was fine.

Also, recently AVG has isolated a couple potential 'hack tools':
10/22 - C:\hp\bin\Terminator.exe
10/24 - C:\System Volume Information\_restore{long line of numbers and letters}\RP8\A0000685.exe

This second one seems to possibly be relevant to my problem:

Sometimes it will be moving along just fine and then other times super slow. After the Windows security update it seemed to be moving along great, but I am on Facebook, Youtube, Tribe.net, Myspace which seems to drag it down and fill up space even after clearing internet files. Today though, I changed some settings in the System's Performance Advanced options to see if that could help with memory usage and I was on Tribe for awhile, clicked some links to Youtube and one to the ACLU's site, and after this I check my MB and it's down a bit even after I clear things, so I decide to restart the computer because it seems that helps sometimes.

Now, usually when it is starting it goes to the screen where you have two options of what to start up in and it is set to wait only 3 seconds and loads up in what it has highlighted to begin with, and that has been Windows XP Home edition, but this time it says System Recovery Console first and WinXP H ed. second and I didn't catch it before it advanced. It gave me 3 options (2 from D:\, 1 from C:\Win XP), I was able to hit enter to have it restart and then move the bar down one to highlight WIN XP HOME and then start, it worked, but when I enter my user account both the AVG and Windows firewalls have been disabled!

I enable them and restart, but it is still wanting to start in System Recovery Console.

What is going on?!

It occurred to me that possibly this computer had been 'zombied'(not really sure how that works, but I get the gist), after the Win sec. update freed up so much space and it was moving faster, like it had disconnected something that was on here taking up space and operating time, but I really don't know.

I came to this site to post to forum, clicked on the Support graphic on the main page first, then the 'Display your system information and plugins' and saw that it was recommended to update things because they have necessary security updates as well. I did Java first, odd things with Java had been happening (it was interfering with my accessing Hushmail.com) so I was hoping this would help, but after installing the Java site has a test graphic that didn't work and gave me this:

Java Plug-in 1.6.0_10
Using JRE version 1.6.0_10 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\S&S
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------


TestVM 8.18 sc
Copyright (c) 2008 Sun Microsystems, Inc.
All Rights Reserved.
Current JRE version set in file: 
java.lang.NumberFormatException: For input string: " "
   at java.lang.NumberFormatException.forInputString(Unknown Source)
   at java.lang.Integer.parseInt(Unknown Source)
   at java.lang.Integer.<init>(Unknown Source)
   at testvmDynamicJavaComPopUp819.init(testvmDynamicJavaComPopUp819.java:269)
   at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
   at java.lang.Thread.run(Unknown Source)
Exception: java.lang.NumberFormatException: For input string: " "
Exception in thread "Thread-13" java.lang.NullPointerException
   at testvmDynamicJavaComPopUp819.run(testvmDynamicJavaComPopUp819.java:440)
   at java.lang.Thread.run(Unknown Source)

~~~~~~~~~~

Computer seems to be operating okay right now, not too slow, but I still want to know what is going on when it is booting up.

Thanks for any consideration.

P.S.: I forgot to mention that I ran an AVG full system scan last night as I went to bed, got up in the morning, woke it up out of 'sleep' and AVG said it didn't find anything.


8:03pm Update: Just restarted the computer and noticed that it says Microsoft Windows Recovery Console, in case that makes a difference, and now AVG says the E-mail scanner is inactive again.

~~~~~~~~~~

Monday 10/27 1:24pm update: Tried a system restore(check point 10/24) and now the boot directories are switched back to normal, with Windows XP Home first and Win Recovery Console second, boots like normal, but when I entered my user account the first time it said System Restore renamed files to preserve integrity:

Cache -----> Cache(2)
location: C:\Documents and Settings\S&S\Local Settings\Application Data\Mozilla\Firefox\Profiles\57nrewse.default

winspamcatcher.dll -----> winspamcatcher(2).dll
location: C:\Program Files\AVG\AVG8

netapi32.dll -----> netapi(3).dll
location: C:\WINDOWS\system32

AVG had 4 components off again(Firewall, Email scanner, Web Shield and Update manager). It was at the restore point where I had to do the Windows security update installation(regarding 'remote access' threat), so reinstalled and restarted. It booted okay still and the AVG Update manager was on, other 3 still off.

Did restore again(10/21), booted okay and system restore says: Restoration Incomplete. Tried this for 3 more dates back, no more before the 17th due to low disk space I believe. So at this point it is booting okay, but AVG is still messed up and it is back to loading real slowly.

I tried to do a System Restore Undo, but wouldn't do that either.

As it stands: boots okay for now....AVG8 Firewall, Email scanner, Web Shield are inactive and cannot activate. HD space real low again(was at around 600MB, but now almost 200), otherwise navigation is okay, slow but not too slow.

Thanks!   ;D
« Last Edit: October 27, 2008, 11:21:13 PM by Skeye »

Skeye

  • Guest
Re: Help me CH Authorized Malware Removal Specialists, you're my only hope!
« Reply #1 on: October 27, 2008, 04:33:50 PM »
AVG8 just did an automatic update, I had attempted updates earlier today, but said none available....all still the same though.    :-\

Skeye

  • Guest
Re: Help me CH Authorized Malware Removal Specialists, you're my only hope!
« Reply #2 on: October 27, 2008, 07:35:44 PM »
Okay, I got started on the Malware Removal, but I am to step 4 and am down to 218 MB.

Here is my first log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/27/2008 at 05:59 PM

Application Version : 4.21.1004

Core Rules Database Version : 3610
Trace Rules Database Version: 1596

Scan type       : Complete Scan
Total Scan Time : 01:39:07

Memory items scanned      : 302
Memory threats detected   : 0
Registry items scanned    : 4416
Registry threats detected : 0
File items scanned        : 64137
File threats detected     : 2

Adware.Tracking Cookie
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt


I could download the other programs required to finish this, but it is getting dangerously low. What should I do?    :-\

Skeye

  • Guest
Re: Help me CH Authorized Malware Removal Specialists, you're my only hope!
« Reply #3 on: October 27, 2008, 10:13:22 PM »
Well after AVG did another auto update, I now have around 300 MB so I am proceeding with the program downloads and here is my second log:

Malwarebytes' Anti-Malware 1.30
Database version: 1329
Windows 5.1.2600 Service Pack 3

10/27/2008 9:06:19 PM
mbam-log-2008-10-27 (21-06-19).txt

Scan type: Quick Scan
Objects scanned: 51501
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cryptographic Service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Update (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

Skeye

  • Guest
Re: Help me CH Authorized Malware Removal Specialists, you're my only hope!
« Reply #4 on: October 27, 2008, 11:18:41 PM »
Had to remove old Java and during the time before I downloaded new version the computer seemed to run better. Forgot to check if AVG was better then, but it still has the 3 functions 'stopped/inactive'. Here is my last log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:37 PM, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgfws8.exe (file missing)
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4480 bytes
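An added example, not part of the original thread and not code from HijackThis or any poster: a small triage pass over HijackThis result lines that surfaces services whose binary is missing, BHOs registered with no file, and Run values with no directory path. The sample lines are copied unchanged from the log above; the two AVG8 services marked (file missing) line up with the E-mail Scanner and Firewall components reported as inactive. The function names and finding labels are this example's own.

```python
import re

# Subset of the HijackThis log posted above, copied unchanged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgfws8.exe (file missing)
"""

# "<section> - <body>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autoruns only: "HKLM\..\Run: [ValueName] command line"
RUN_VALUE = re.compile(
    r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
SERVICE_NAME = re.compile(r"\((?P<svc>[^()]+)\)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(log_text):
    """Yield (section, body) for every HijackThis result line."""
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            yield match.group("section"), match.group("body")


def first_token(cmd):
    """Return the program part of a command line, honouring double quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def triage(log_text):
    """Return (section, finding, subject) tuples worth a closer look."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            display, _owner, path = parts
            if path.endswith("(file missing)"):
                # Service is still registered but its executable is gone,
                # so the component cannot start.
                svc = SERVICE_NAME.search(display)
                findings.append(
                    (section, "service binary missing",
                     svc.group("svc") if svc else display)
                )
        elif section == "O2" and body.endswith("(no file)"):
            clsid = CLSID.search(body)
            findings.append(
                (section, "BHO registered with no file on disk",
                 clsid.group(0) if clsid else body)
            )
        elif section == "O4":
            run = RUN_VALUE.match(body)
            if run:
                exe = first_token(run.group("cmd"))
                if "\\" not in exe and "/" not in exe:
                    # Bare file name: Windows resolves it through the search
                    # path, so confirm which file on disk actually runs.
                    findings.append(
                        (section, "autorun command has no directory path",
                         run.group("name"))
                    )
    return findings


if __name__ == "__main__":
    for section, finding, subject in triage(SAMPLE_LOG):
        print(f"{section:<4} {finding:<40} {subject}")
```

A finding here is a prompt to inspect the entry, not a verdict that it is malicious.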

Skeye

  • Guest
I just saw this thread this morning that addresses somewhat of what I have mentioned, which is the fluctuating usage of free space on HD:

"Memory space keeps decreasing".... Is this a virus?
http://www.computerhope.com/forum/index.php/topic,69137.0.html

This is why I mentioned the possibility of a 'zombie' attack. To me it would make sense that if the computer was being used by another party there would be fluctuations like this. Also, like I mentioned, after Windows updated with the security patch for 'remote access' the MBs went up big time.

Windows firewall is operable, but at this time AVG is still down, I am considering removing AVG and trying another security program, but hope I can get a reply soon. 

I know you guys are busy and I am grateful for all you have helped with before.  ;D

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
You keep bumping your post to the top of the forum which actually moves you farther down the waiting list. We start with oldest posts first. Chill out, this is a busy forum and only 2 of us helping here.

evilfantasy

  • Malware Removal Specialist
  • Moderator


After all of that waiting I don't think this is a malware problem. There are a few things to do though.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"AlcxMonitor"=-

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

I'm not sure what it is. Please continue in the Windows forum.

Sorry for the wait ;)

Skeye

  • Guest
SUCCESS! Thank You evilfantasy!

Not sure what this was for, but let's hope it helps.   :)

There was a long list of stuff in there. Was that just a generated list of files or potential things that needed to be fixed or deleted?

This hard drive hasn't been defragged and it is mostly red. I was advised by a 'geek' buddy of mine not to worry about that, because it would take way too long and potentially do more harm than good at this point. Which seemed odd to me.

I'm still concerned about the fluctuating disk space usage, but I will check that other thread for more info.

Now my main problem is still AVG8. I noticed something while exploring it:

I went into Firewall and Tools-->Firewall Settings

And on the left menu noticed Standalone Computer (which I have this designated as, because it is not networked) and opened it and clicked on Applications. It showed a list in the main window and these three things are designated to be blocked:

- Local Security Authentication Server
- Remote Desktop Help Session Manager (which I see as probably appropriate)
- RunDLL32

I'll look to see what other forum I should post this in for AVG help, but just thought I would mention in case you know anything on this.

Thanks again for your time and efforts!

BIG Cyber Hug and/or Hi-five!  ;D

patio

  • Moderator


  • Genius
  • Maud' Dib
  • Thanked: 1769
    • Yes
  • Experience: Beginner
  • OS: Windows 7
Quote
I was advised by a 'geek' buddy of mine not to worry about that, because it would take way too long and potentially do more harm than good at this point.

Stop taking this geek buddy's advice right away...
" Anyone who goes to a psychiatrist should have his head examined. "

Skeye

  • Guest
Well. I got the AVG fixed after attempting a few things on the AVG support site: I downloaded a new installer file and told it to 'repair'. Not only did it repair, but I went from being almost down to 100 MB because of having to download all these fix programs, to 1.1 G! So I don't know, just hope it stays cool for awhile.

I opted for the AVG toolbar, let's see if that helps.

Thanks again to the CH gurus!  ;D

And yes patio, my 'geek buddy' is a computer engineer, but I believe he thinks he knows more than he really does at times. I know where to come to when I need help now.   ;)

Really though, he means well and has been fairly helpful before, I am just getting an idea of his limitations. lol!

Peace y'all!

evilfantasy

  • Malware Removal Specialist
  • Moderator


I would try a good defrag. Sometimes it works wonders...

First give the disk a good cleaning of junk files to help the defrag work faster.

Download and install CleanUp!.exe

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
  • Click Options...
  • Move the arrow to Standard CleanUp!
  • Uncheck the following: (if checked)
    • Delete Newsgroup cache
    • Delete Newsgroup Subscriptions
  • Click OK
Click the CleanUp! button to start the program. Reboot/logoff when prompted.

----------

Defragment your hard drive

I suggest installing a good FREE third party defrag utility. It works much faster than the built in Windows defrag. Defraggler - http://filehippo.com/download_defraggler/

You don't have to but to help it work better you can run it in Safe Mode.

A tutorial for disc defragmentation is available at BleepingComputer.com

Skeye

  • Guest
Wow, awesome EF!   ;D

I just had a feeling to come back here and see if there was anything else posted and boy am I glad I did.

Overall the hard drive space is fluctuating between lower 900s to just over a gig, but the CCleaner really seems to help clear out the most. It finds things that Windows and Firefox don't. It drags sometimes depending on the graphic intensity(videos and such), even after I have stopped being on those pages. Like just now, I minimized this window(no other tabs or anything else running, although I do have that AVG second icon with the triangle that says its scanning but its not as far as I can tell) and it slowly 'melted' down(like a transition in a video where the page disappears from top to bottom).

Anyway, glad to hear about CleanUp...I'll go download it now and follow these instructions and let you know how it goes. Thanks again EF, this has been a great relief.   ;D

evilfantasy

  • Malware Removal Specialist
  • Moderator


Note that CCleaner only cleans the account that you are signed on to. If you have multiple users it needs to be run on each account. CleanUp works on ALL accounts.

Skeye

  • Guest
Quote
Note that CCleaner only cleans the account that you are signed on to. If you have multiple users it needs to be run on each account. CleanUp works on ALL accounts.

That's definitely good to know...should I uninstall CCleaner after I have CleanUp?

I went to the site to download CleanUp and it was down for maintenance.   :(

I'll check back...

I read the tutorial and noticed this:

"A partition must have 15 percent free space on the drive for the Disk Defragmenter to work properly."

D'oh!  :o

I only have a gig on this 32.2 G HD.   :P  ::)

Oh well...I'll still get CleanUp, sounds like a better program.

Oh, EF...I forgot to ask what that file you had me integrate(?) was for, what did that do?   ???

evilfantasy

  • Malware Removal Specialist
  • Moderator


Quote
"A partition must have 15 percent free space on the drive for the Disk Defragmenter to work properly."

You shouldn't have anything to worry about. If there is not enough space you will get an error saying it can't run. If so just boot into Safe Mode to run the defragmenter.

The reg fix was just a low level piece of spyware/resource hog. Not really dangerous just overly useless! See HERE for more information.

Get CleanUp from HERE

I use CCleaner almost every day, sometimes twice if I am doing a lot of downloading/uninstalling. CleanUp is much more powerful and I will run it less often. So it's safe to say that CCleaner is safer to use. I don't think CleanUp will do any harm but I still just use it before I defrag.

Skeye

  • Guest
Quote
You shouldn't have anything to worry about. If there is not enough space you will get an error saying it can't run. If so just boot into Safe Mode to run the defragmenter.

Will do...

Quote
The reg fix was just a low level piece of spyware/resource hog. Not really dangerous just overly useless! See HERE for more information.

Thanks...and I got CleanUp! now and went to run it, it recommended running it in demo mode for the first time and when I did it found over 200 files and about half of them were 'prefetch'. I didn't know what that meant so I googled and came across this article: http://www.edbott.com/weblog/archives/000743.html

I haven't read it all, but there is some seemingly informative discussion in the comments. If you have the chance to read some of it, what's your take on the whole prefetch thing? Someone did mention that after using CCleaner that their comp ran slower and mine has been as well, just not sure what to attribute it to yet.

I'll keep both cleaning programs, but am interested to hear your feedback.   :)


evilfantasy

  • Malware Removal Specialist
  • Moderator


I'm very familiar with that article. When I said CleanUp is more powerful that's what I was talking about. Cleaning the Prefetch too often can actually decrease performance. CCleaner will only clean the Prefetch if you manually activate the Advanced options which are not checked by default. Once you do the defrag it should help with performance. Doing a disk cleanup adds more fragmented files to the disk.

Skeye

  • Guest
So I checked out the link and noticed that this is a file I see in the CleanUp! scan:
C:\WINDOWS\Prefetch\ALCXMNTR.EXE-30324980.pf

Do you recommend the download they are offering on there? Is it any different than the two other cleaning programs?

I think I am going to go ahead with the cleanup and defrag tonight and will let you know how it all comes out.    ;)

I was trying to post and it said to check the posts and I see what you are here.

Quote
CCleaner will only clean the Prefetch if you manually activate the Advanced options

But I followed your instructions and it showed that prefetch would have been deleted if I had actually run it. I'll check the settings?

evilfantasy

  • Malware Removal Specialist
  • Moderator


I won't vouch for any software offered on another site, only for what I know is safe ;)

CCleaner cleans old Prefetch files by default, not the whole folder.

You've just got to trust when I say nothing will be harmed. It's all normal maintenance.

Skeye

  • Guest
Quote
CCleaner cleans old Prefetch files by default, not the whole folder.

Did you mean CleanUp!?   :)

Yea, I'm trusting you, just being as cautious as I can be since it's not my computer.   ;)

Skeye

  • Guest
I'm outta here for tonight...and as usual: THANKS!   ;D

evilfantasy

  • Malware Removal Specialist
  • Moderator




Quote
Did you mean CleanUp!?   :)


Nope. I said it right.

Skeye

  • Guest
Yea, I just got confused on what program we were talking about.    ;)

So, I ran defrag and this is how fragged it was:

I started last night at about 10:30 and it just stopped(saying it was finished, maybe it got tired? lol!) at 12:40 pm...and it is still about half red, like my computer would be when I initially go to defrag. I don't think my friend ever defragged this computer.   ;D

I'll finish it later, but for now this should do. So far computer seems about the same.
Anyway, just good to have these resources and to be learning some more about how a computer works.

AVG is behaving for now. It seems like it was scanning yesterday, even though when I opened it up it said it wasn't and I don't have it on automatic scan. In fact I scheduled it for Sunday at 9am. So I don't know what's going on there.

Any thoughts on the AVG8 toolbar, does it help any to have it visible like that or does it drag on the computer? It seems to load longer consistently now.

Once again...Muchas Gracias Amigo(s)!   8)

Peace!

Skeye

  • Guest
Oh! And my hard drive free space is up to almost 2gigs!  woohoo!   :o

Now we'll see what happens as far as the 'eating away' or oscillating of it.

evilfantasy

  • Malware Removal Specialist
  • Moderator


Turn off Link Scanner. You and your PC will appreciate it.

Skeye

  • Guest
Ahhh...OK. I've only seen two red Xs before and that was on a couple side ads for AVG downloads, their addresses looked suspicious too.

Skeye

  • Guest
I'm not finding it so easy to do.  ???

I go into the AVG console, click on Link scanner, but it does not have an easy 'enable/disable' option. What it does have is:

Enable AVG Search-Shield(need web browser restart)
Enable AVG Active Surf Shield
Enabled reporting of exploited websites to AVG

And all three are checked.

Now I also right click on the Link Scanner Icon in the main console and it gave me these options:

Open

Ignore component state

And when I click on the second option it turns the white check mark in a green box to a white  ! in a green box. Does that essentially turn it off? It says it is still active though.

evilfantasy

  • Malware Removal Specialist
  • Moderator


I don't use AVG but I would imagine that by unchecking everything it would be turned off.

Install Site Advisor. It does the same job essentially without using the resources that Link Scanner does. http://www.siteadvisor.com/

Skeye

  • Guest
Okay...I'll uninstall AVG toolbar and download siteadvisor. Love those small programs!  ;D

Skeye

  • Guest
Got siteadvisor and can't uninstall AVG toolbar. Have been to the AVG site, have searched on how to, the only option it allows in the add-ons management is 'disable'. This is one reason I don't like AVG or any program/company that doesn't provide for an easy uninstall. What security do you use EF?

evilfantasy

  • Malware Removal Specialist
  • Moderator


Personally I prefer using Avast.