Posts by jholland1964

Although I understand (I think) what you are trying to say, why remove the link when it offers a clean and quick solution. What I believe you to be saying is that more is to be learned by making the problem's solution as difficult and time consumming as possible. This may be true, but I do not believe it serves the poster's interest in this case.

I did NOT remove YOUR link from YOUR post for the Symantec tool which is a legitmate tool and appropriate for the thread, though at this time I believe the problem is corrected but I left the link for others to see who may be having the same difficulties.

I removed mr. ashraf_amad's post because it was a link to a university website period and it offers NO information about solutions to infection problems. If links given have absolutely nothing to do with the problems in the thread then they can be considered spam and be removed.

I understand. Thanks.

You understand what?

Avast is an excellent program, and as you say, it's free. I highly recommend it.

Hi, welcome to daniweb. First of all it appears you still have portions of AVG 7 on the machine. You must Uninstall this completely. Go first to Add/Remove and make sure everything listed there for AVG is uninstalled. Then run this Tool to be sure it is gone. Download and save the tool to the desktop for easy access and then run it. Follow any prompts given. This should remove it completely.
It is possible that the tool has been deleted by the malware you are trying to remove, OR it could be blocked by Zone Alarm.
Follow these instructions from MBA-M forums;
Download a randomized renamed mbam.exe version from here.
Place the renamed mbam.exe in the Program Files\Malwarebytes' Anti-Malware folder on the infected PC and launch the renamed file.
Then malwarebytes should run.

In some cases, it will be needed to rename the random named mbam.exe to explorer.exe (this for example when you are also dealing with "Security Tool" or another fake scanner - you can actually bypass whatever it blocks by renaming the program/ exe file you want to run, to explorer.exe).

Once the renamed mbam.exe runs,
First step is to click the update tab in order to download the latest updates. After that then run a Full Scan with it and Remove Everything found.
Reboot the computer.
Run a new HJT scan and post back here with the MBA-M log and …

Hi welcome to daniweb, First of all, you said you all ready had Trend Micro so installing another anti-virus program was a mistake. Rule #1. ONE anti-virus program should run on a machine. Uninstall Avast. It is a great program but you can't run two.
#2. Registry Easy is not really a recommended program, plus "playing with" the registry unless you know 100% exactly what you are doing is a big mistake. Hopefully you made back ups of the registry before using this program.

Now we need much more information:
You say you have...

more than enough ram.

Well exactly how much is that? How large is your hard drive and how full is it?
Please do this:
Download HiJackThis and run a System Scan with it and save the log. Post back here with that log.

Here is some info on how to test if there is a corrupt file or add-in with Word from the Troubleshoot Word website:

If Word is not launching for you at all or is crashing or freezing as soon as it comes on the screen, odds are your global template is corrupt or something is loading automatically in your Word Startup folder that is misconfigured or corrupt. To see if it's a corrupt global template or some add-in that is loading on startup, go to your Start button and click on Run. In the Run box, type "winword.exe /a" (without the quotes, but …

Post the most recent MBA-M log.

Hi Mike, welcome to daniweb, First of all your MBA-M was out of date during the scan. Even though it found a removed a lot can you please update and do another Full Scan just to be safe? Of course if it finds something be sure and remove it like you did on the earlier scan.

What AV program are you running? I see McAfee in both the log and in Add/Remove but I also see Network Associates\VirusScan in the log. Was this an online scan you were running at the same time?

I also would like to see now a HiJackThis System Scan log to go along with the other two.
By the way, your java is out of date but that can be taken care of later, just wanted to mention it now in case I forget later.
Judy

Try it once more, if it doesn't work you can delete it manually by right clicking the icon and choosing delete.

Hello, other than the large amount of running processes which could definitely show the computer the main thing is you are running parts of an old Norton program along with Avast. Two anti-virus programs running on one machine is a big no-no.

Having looked through a previous thread you had here this summer, Internet Mystery where you asked about connection difficulties and page display problems it, you also had a huge number of running processes. It was recommended that you change anti-virus programs. But you did not uninstall Norton correctly because portions remain and are still running on the system. When uninstalling a program, any program, it should never be just deleted, it must actually be Uninstalled using Add/Remove or the specific programs actual uninstall file. This is part of your problem now.

Check Add/Remove and Uninstall ALL listings for Norton and Symantec.
Reboot your computer.

Then run the proper Norton Uninstall file for your particular version to be sure all is removed.

Another problem I note from your thread last summer, which remains to this day, is the fact that your Java program was way out of date then and is STILL way out of date.
Please go HERE and download the Offline Install to your desktop for easy access. Don't use it yet.

Next go to Add/Remove and Uninstall All previous versions of Java that you find there. Once all are uninstalled then go …

Did the program actually run a full scan when this happened?

Do you mean there were no instructions to follow?

Very often old drivers have to be uninstalled before new drivers can be installed.
Generally what is recommended is that old drivers be uninstalled, reboot. Tell Windows to "cancel" when it wants to reinstall the video card and then install the new drivers.
I believe this graphics card requires everything new when you do this, directx, everything.
I also found several notes on this Smart Doctor causing graphics problems, though this doesn't help of course with this issue now.

If you would prefer not to do this then allow Windows to go ahead and install the video card.

Hi welcome to daniweb, there is a good chance that this is malware of some kind. Please do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post …

=ep2002;1062260]1. Ok, I unchecked it.
2. The list of drivers, & when I went to go do a search, they don't have ASUS Extreme (only Innovations) & their year goes upto 2008, not 2009, so can you just shoot me the URL of where that new driver is so I can DL it. Thank you

http://support.asus.com/download/download.aspx
When you get to that page do the following:
First Click Graphic Card
Then click ATi Series.
Then scroll all the way down through the list and choose the model which is EAX300 Series.
When the page opens you will see
134 files found
+VGA (5)<<<<-----This is what you want
+Utilities (85)***No
+Manual (44)***No

Click the + next to VGA and choose the very TOP driver, that is the most recent one.

As far as those CIS Benchmark Score listings, ignore them. I have no idea what they are or what they mean. I don't get those on my computer because I am not running XP Pro. So ignore them.

Try this:
Could be a corrupted DNS cache in your Windows Vista.

Click on Microsoft Vista Start on the bottom left corner
Click All Programs
Click Accessories
Right click on Command Prompt
A black window will appear with a prompt.
At the prompt type: ipconfig/flushdns
You should get a message that says:
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

New to this so please bear with me. Working all day trying to get rid of this problem. It has improved but I still have a blue screen on startup.
Started out I had more than one virus. Many scans later I have eliminated some of the warning screens about numerous viruses but still have the win.32netsky problem.
After running the Malware bytes program and creating a log seemed better. I still have a problem though with ccSvcHost on shutdown.
Any help would be apprecieated.

Ritar, I have all ready told you that you must begin your own new thread. You will not receive answers in this thread. This is not your thread. We do not work with two posters on the same thread. Please Start a New Thread.

Looks good Lisa, now just these last steps.

You should remove HiJackThis, you don't need it any more.
You also should uninstall combofix. It basically is a "one time" fix. If a person is told to use it again some other time then a new copy would be needed.

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. The space between the combofix and the /u, it must be there.
When shown the disclaimer, Select "2"

You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.
If you believe all is ok then this one is solved.
Judy

New to forums...all day trying to get rid of this same virus..How do I know what to do with the HiJack This file?
Thanks..

You need to begin your own thread, stating the steps you have taken and posting the HJT log in YOUR own thread.
Judy

Yes, try that.

PhilliePhan to the rescue!!!!

Note at the bottom of the browser it says, Protected Mode On...

Have you tried to see if you can update and run MBA-M since the running of GMER? If not, try again.
Judy

Yes, that's the log.
One thing you should do is go to
Click on the Start button.
Now go to Control Panel, Programs there. Please click on that.
Now click on Program and Features
Click on Uninstall/Change button.

Uninstall AskBar. Reboot and run a new HJT scan and post the log back here. And also please give more specific information on the problems you are having.
Judy

Looking pretty good, just a few more fixes needed.
First of all go to Start, Control Panel, Admininstrative Tools, Services.
When that opens the list is in alphabetical order so scroll through until you find these:
FsUsbExService
PLFlash DeviceIoControl Service

Double click one at a time on each one. This will open the properties box of that service. First click the Stop button if it shows, this will stop the service. Once the service is stopped then click the Start Up type and change it to Disabled.

Do that for both services, they are definitely unneeded.
Reboot.
Run HiJackThis once more and put check marks next to the following entries if they remain:

O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...ridge-c139.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - http://www.btsecurity.bt.com/bt/bin/wizard.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

Once you have placed those check marks then click the Fix Checked button. Exit HJT.

Then download this program, Mike Lin's Startup Control Panel …

Looks much better, just a few more steps. Your Java is way out of date and needs to be updated.
Please go HERE and download the Offline Install. Save it to your desk top for easy access but DON'T run it yet.
Once it is downloaded then close all browsers. Go to Add/Remove and Uninstall ALL older versions of Java you find there. Once all are uninstalled then double click that Java install file on the desk top and install the new version, be sure to watch the install boxes, occasionally they will give you something else along with it, like a yahoo toolbar or something like that. If you see anything extra with a check mark in a box next to it, take that check mark out and then continue. When the install is complete then go back to the download page and on the right side you will see Verify Now. Click that to go to the verification page to see for sure if the installation was completed.
Once that happens then run a new HJT and post back with the log and we should have only a couple more steps.
Judy

Did combofix ever show you a log when it was complete?
Did you see the screens shown in my two attachments?

Give us another HJT scan and log.

I have a question, you said:

I thought maybe it was the way I downloaded the ComboFix

Did you download differently than the instructions stated?

Ok, I'm confused as to what I should DL from this list. Can you tell?

What list are you talking about?

So I should post there & tell them that I have 2 instances of the card on my computer & I'm getting that error message?

You don't have two cards on the system, only one:
ASUS Extreme AX300 Series Secondary [Display adapter]
What I first thought were two cards actually are the Display adapter from ASUS and then the NVIDIA nForce Networking Controller so that was my mistake. You should check to see if there is an updated driver available

System Security Status
CIS Benchmark Score
Score
3.13 of 10 (details...)

What ARE the details given in that CIS Benchmark Score? That will tell you why it is 3.13 out of 10

Forgot about addressing the Smart Doctor.
If you think I don't need it b/c of the graphic card issues, I can uncheck it, I just thought b/c I'm having problems, it would help.

It isn't a required program. Honestly it might be the cause of your problems. If you uncheck it and stop it from running it isn't going to hurt anything. Try it for awhile and see if that makes a difference. You can always go back in and put the check mark back it, reboot and it will restart. This doesn't remove anything, it just stops it from auto starting.

Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php

-- DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.
-- If you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:
- Sections
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)

-- Then, click the Scan Button
Allow the scan as long as it needs and then save the log to where you can easily find it and post it for us.

***Disconnect from the internet and do not run any other programs while GMER is scanning. Temporarily disable any real-time anti-spyware or anti-virus protection so they do not interfere with the running of GMER.
Post back with the log.

Not so fast!!! There is NO guarantee the infection is gone yet. Even though things seem to be working well at the moment. We need to see the log from MBA-M.
Plus you need to now Update MBA-M and run a Full Scan in NORMAL mode.
Have it Remove Everything it finds.
Reboot.
Then download and run HiJackThis. Save the log.
Post back here with the MBA-M log done in Safe Mode, the MBA-M log done in Normal mode and the HJT log.
Judy

Can you please post the MBA-M log?

No the actual file, not the name has to be uploaded to their scanners. This IS a legitimate file but GMER has flagged it because it has been altered, probably by the rootkit.
I would like you to try now to run combofix again. Delete the one on the desktop and install a new one using your flash drive. I will keep my fingers crossed that it will run this time. If it will it may also fix that flagged file.
The log should be located at C:\Combofix.txt when it is complete. Post the log back here.
Judy

Qoobox is combofix Quarantine file we don't want that right now. Don't worry about uninstalling combofix, that has to be done a specific way and I will give instructions for that later.
Forget about looking for the log for now.
Update MBA-M and do another Full Scan with it. Have it REMOVE all found.
Reboot. Come back and post that new MBA-M log.

sorry i didn't know wont happen again, but i reran gmer and i had no red entries but one entries was marked as suspicious do i delete it

I don't know what was the suspicious entry? Was it this same one showing from your previous logs?

C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

You might upload it to http://virusscan.jotti.org/en and see what all those scanners say about it.
When you go to the jotti page put the full listing into the window like this C:\WINDOWS\system32\drivers\atapi.sys
and then have the scans run. This should show a report on what all those different scanners say it is.
Report back on what they say then we can go from there.

i installed spyware terminater a few days ago and i'm going uninstall it. thats the most useless program i've used since i've installed ashampoo firewall, oh and i just deleted those entries and i'm run gmer again and report back here but i hope it's not like mba-m and say infections are deleted but when you rerun the program the infections are right back there

Ok, two things I want to say #1.if you want us to help you clean your machine then you have to follow the steps we give, installing SpywareTerminator would never have been one of them and a "go ahead" to install programs without checking here first also would not be something we would say to do. This can really cause major problems when working on a fix, some programs interfere with others and if we happen to give you a program to run, without you saying you installed something else then major damage can be done.
#2. The reason the infection keeps coming back has absolutely NOTHING to do with MBA-M. If IS removing it BUT what this is is a Rootkit, a very difficult infection to remove because part of what it does is not allow programs like MBA-M and others to complete their job or do it completely. This is why special tools must be used to try to remove it. SpywareTerminator isn't one of them.

two entries marked red i didnt delete them thay were Service C:\WINDOWS\system32\drivers\nmxco.sys (*** hidden *** ) and
File C:\WINDOWS\system32\drivers\nmxco.sys

Did you notice that GMER said 79744 bytes executable <-- ROOTKIT !!![/B] next to the entry...you need to run GMER again and no matter the name of the file if it is noted as ROOTKIT then DELETE it. This is why you cannot get the computer clean, there is a rootkit on there, it is renaming itself to avoid being caught.
By the way, I see SpywareTerminator listed in this log, when did you install that?

Hi, welcome to daniweb,
See if you can boot to Safe Mode with networking, this might be a way to keep this from loading itself at start up. If you can then try to do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop but when it asks where to save it, it should say "Save As..." give it a new name, like wife.exe. Be sure that .exe is there and save it to the desktop.

For this FIRST run, go ahead and run it in Safe Mode if you can get it downloaded. This is not the recommended way to run because Safe Mode doesn't allow this tool to load all of it's drivers, but since you can run no tools in Normal Mode this would be better than no run at all. If you can get it to run and remove some infection then I will have you try normal mode later.

* DoubleClick mbam-setup.exe (remember you should have renamed this so it won't have that legal name but whatever new name you gave it) and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then …

Warlock, this thread is six months old and the original poster never returned so we DO NOT know for sure what happened to him and the second poster actually hijacked the thread and posted logs without stating his problems.

You need to begin your own thread. It is possible you do not really have the same infection as the original poster. Begin your own thread, with its own title and state all the problems you have been having. Also list all steps you have taken and post any logs you have from tools you have run.

Did you put combofix on your desktop as originally noted? I have not seen it in a folder before as your attachment shows.
Did you open that combofix folder and see what is in it?

Have not seen this before but suppose it possible this Combofix file is hidden.
Do the following:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Now look for that combofix txt. file.

I dont think i should be getting malwear and stuff. Any thoughts?

A MUST have is SpywareBlaster.

SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.

I wouldn't run a computer without it. Download, install, update, Enable ALL protection, including Restricted Sites. Close the program, that's it. It doesn't run in the background but protects your computer from all the nasties.
You need to check for updates on a regular basis. It doesn't update often but check every week or so to be sure. When there is a new one, download, install, enable and close.
The last thing you need to do is set a new, clean Restore Point. To do this do the following:
. Do this by right Clicking My Computer and choose Properties. Go to the System Restore Tab and place a checkmark in Turn off System Restore. You will receive a warning that you are about to turn off System Restore and ask if you are sure, click yes.
System Restore will shut down. Wait a minute or two and then do the reverse and turn it back on. This way if you do need System Restore you will be certain that the restore points …

Just double click My Computer. When that opens Double Click "C" drive. When that opens scroll through all you see there. It should be there. Remember, after all the Folder icons, the last one you see will likely be Windows, then you will probably see .DLL icons, then someplace near the top of the list you will see a TEXT Icon named ComboFix. Take a look at my attachments to see what they look like.
When you find that combofix double click to open it up. It will be in Notepad very likely. Go to Edit, Select All, Copy.
Then come back here and paste.
Take a look at my attachments.

Try running GMER again and when it shows these files:

C:\WINDOWS\system32\drivers\qkmazwv.sys
C:\WINDOWS\system32\drivers\str.sys

right click on them one at a time and select delete. If it will not delete, use the kill option first.

If successful, run Gmer again and post the log.

Don't give up yet. Let's see what we can find out.

Geeze, I am so sorry. I have been consulting on Crunchie about this so I am going to have him take a look here and see what he suggests, ok?

RichardV, this thread is nearly 5 years old any suggestions on this one would likely no longer apply today.

You need to begin your own thread, state your problems, what steps you have taken thus far and somebody will help you.
Judy

As kaninelupus and I have discussed this at length via PM's and I believe have settled this question privately, I would like to say again to
childsplay1991 I am sorry for the minor thread hijacking that has occurred here and hopefully you will come back and let us know how things are working. If you are still having problems please list them and I will be most happy to continue to help you resolve the difficulties you have been having.
Judy

I'm still confused about that graphics card issue.

I guess you weren't able to figure that out?

I am sorry, had all this saved to post to you and forgot. It appears that you have the correct driver but maybe you need a newer edition. Don't know when you installed it but the latest edition came out in April of this year so you might check the page and see if the newer driver is the same one that you have.
You noted this earlier:

When I went to look for the name of the graphics card (see below), first it only had 2 names there, not 3 & second, it looks slightly different than what I pulled from the word doc. I thought maybe it was a typo, but even the URL has the letter "E" in it.

I may be wrong but I believe the "E" applies to the actual name of the card with is ASUS Extreme AX300 Series Secondary, which is where the "E" would come in.

Is there a reason you feel you need the Smart Doctor running all the time? Do you overclock your card? Do you change graphic settings all the time?

You might want to begin a thread in our Monitors, Displays and Video Card forums, there would be more people there who know about correct settings, video cards, etc., than I certainly do.
Judy

here we go ..Hope this is done right

You are doing a great job and have done everything right. Now since many more infections were found and removed with the ESET Scanner I think it is time to "bring out a big gun"

You may want to print these steps out just to be certain you know what to expect and also you won't be able to have internet access during part of the running of this next tool.
You can find these instructions with pictures at http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Here are the instructions simplified.
Download Combofix

You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desk top. DO NOT RUN it YET
You must take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as …

Oops! Marked this as solved before you said it was all ok. If it is then let me know.
Judy

Here is the list, not a lot but these certainly don't need to be auto starting, if nothing else they slow the start up:
QuickTime Task-System Tray access to Apple's "Quick Time" viewer from version 5 onwards
msnmsgr-Available via Start -> Programs. Go to MS Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
MySpaceIM-again not required to auto start and can use valuable resources.
I recommend using Mike Lin's Startup Control Panel to stop these. Free program, very easy to use. Just download and run the program, remove check marks from the auto starts you want to control, close the program and reboot.

I see she is using AVG 9 for her av program and firewall, depending on how much space is remaining and how much RAM is installed, this could also be consuming a lot of resources. Now if she has the paid version then the program should stay, if she is using the free version she might consider using a different free av program and firewall which do not consume so many resources.
Avira and Avast are two excellent free programs. Avast is a bit "bigger" than Avira but either one is very good.
If you choose to change av programs then download one of those first to the desktop. Then Uninstall the AVG and then install, update and enable the new one.

There are also several good, free firewalls available;

Hi Jarredf, This log looks much better. Is your Mom the only user on the computer? I am putting together a list of auto starts that are unneeded and will be back in a few minutes.
How large is the hard drive and how much free space is remaining? How much RAM is installed on the computer?
Judy