re: PeopleOnPage, WildTangent and a couple other lil buggers... Wednesday, February 4, 2004 at 8:54 pm Windows XP Annoyances Discussion Forum Posted by Ms. Eagle (33507 messages posted) Oh boy, there's not one spyware app or any other baddie showing up in your log, with the exception of Earthlink's Popup blocker. It's ironic that they include Spysweeper, but install a trojan. ISP's can't be trusted anymore either. They're not the only one. I'll address these other things one at a time. You said, "when I run the online checkers The POP, WT, and a couple of cookie catchers show up. Atdmt, bluestreak, double click (cookies)" I don't know about Earthlink's online checker, but Spywareinfo has an online spyware scanner. I'd rather go by them. That website is the best resouce on the net for info. on spyware. Is that the ONLY reason you assume you have that problem with POP and WT? If so, I'd forget it, if you not having problems. Note: I suggest, if after doing these things, you still have problems, run HijackThis and hit the Config tab - Misc. Tools - choose generate a StartupList. It'll automatically save the log and open in Notepad. You can post it here if you want to. It sounds like you're familiar with using the Registry editor, and that log will show you what's located where in every startup location on your system. Off the subject: There's an application called "IESpyads", which is a registry file with a long list of URL's to add into the Restricted Zone. It's a reg file to merge, a host file. There's a download link on "Spywareinfo.com" site under spyware prevention software. You can read about it. I also use Jason Levine's Cookie Jar to manage cookies and easily clear them out (See URL below). A couple online Browser Security Checks: http://www.cyscape.com/showbrow.asp?all=1&bhcp=1 http://www.jasons-toolbox.com/BrowserSecurity/ActiveX.asp You said, "I also did the EIFIX.reg to hopefully restore a few things to default". You mean IEFix.reg, I assume? Anyhow, you missed a couple VERY important things in your log. Browser restrictions!! I'm surprised you didn't notice it in the HijackThis tutorial. Have these two entries fixed: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Fix this entry only, if you DO NOT use a Proxy Server: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080 You can read the descriptions for these on Sysinfo site. You can search by pasting in the filename with the .exe extension. You may, or may not, want to restore the backups for these five 04 entries in Hijack This: O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\LogiTray.exe Sysinfo.org - startuplist You may want to remove this from startup, after checking the description>>> nopdb.exe (Symantec) http://www.answersthatwork.com/Tasklist_pages/tasklist.htm FYI, In Spyware Weekly, March 19, 2003, they had an article entitled "Earthlink's Pop-up Blocker A Trojan?" (Their newsletters are archived, in case you're interested) Quote: Worth looking into: "Earthlink program's Popup stopper is a Trojan and is very bad news. That's if you've installed one, that they may have advised you to do. Why Earthlink's Pop-Up Blocker is Very, Very Bad...." Earthlink Wants Total Access (to Your PC) http://www.pbs.org/cringely/pulpit/pulpit20030206.html {Snip} You don't have to install Earthlink's software CD, in order to have internet access through them. They don't tell people, unless you ask. AOL is the only IP that's an exception to the rule. Don't even get me started on AOL. LOL....All you need is a Dial-Up (or another type) connection set up and a browser. Btw, security experts are recommending (actually pleading with people) using Mozilla, Mozilla Firebird or Opera anything but Internet Explorer. Written in response to: PeopleOnPage, WildTangent and a couple other lil buggers... (US_Blue: Tuesday, February 3, 2004 at 12:35 pm) There are presently no replies to this message. All messages in this thread [show all] PeopleOnPage, WildTangent and a couple other lil buggers... (US_Blue: Tue, Feb 3, 2004, 12:35 pm) re: PeopleOnPage, WildTangent and a couple other lil buggers... (mojo7819: Tue, Feb 3, 2004, 1:30 pm) re: PeopleOnPage, WildTangent and a couple other lil buggers... (Ms. Eagle: Tue, Feb 3, 2004, 6:34 pm) re: PeopleOnPage, WildTangent and a couple other lil buggers... (US_Blue: Wed, Feb 4, 2004, 4:51 am) re: PeopleOnPage, WildTangent and a couple other lil buggers... (Ms. Eagle: Fri, Feb 6, 2004, 2:10 am) re: PeopleOnPage, WildTangent and a couple other lil buggers... (Marcos: Mon, Oct 10, 2005, 11:19 am) re: PeopleOnPage, WildTangent and a couple other lil buggers... (werner: Tue, Feb 3, 2004, 6:42 pm) re: PeopleOnPage, WildTangent and a couple other lil buggers... (werner: Tue, Feb 3, 2004, 7:04 pm) PCHELL.com (US_Blue: Wed, Feb 4, 2004, 4:46 am) re: PeopleOnPage, WildTangent and a couple other lil buggers... (Ms. Eagle: Wed, Feb 4, 2004, 8:54 pm) Reply or follow-up to this message Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows XP Discussion Forum