|
Yet another hijackthis log...
If any of you with the knowledge and time would care to offer suggested remedies for any nasties found here it would be appreciated.
The PC it is from boots very slowly and gets page redirects and context related pop ups when browsing. Logfile of HijackThis v1.98.2 Scan saved at 14:31:33, on 10/11/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe C:\WINDOWS\Dit.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\htpatch.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\DitExp.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Palm\HOTSYNC.EXE C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Microsoft Works\MSWorks.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\NaviSearch\bin\nls.exe C:\Program Files\BullsEye Network\bin\bargains.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\Program Files\Microsoft Office\Office10\EXCEL.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Ken\Desktop\Downloads\hijackthis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com R3 - URLSearchHook: (no name) - {D273C035-12EB-D6AB-3B62-3244E4BEFAE4} - C:\WINDOWS\Ewdmcwkm.dll O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-AB2D-8D32436313D9} - C:\WINDOWS\bsx5.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {689B1528-F725-4AA8-F5DA-91711D3A7353} - C:\WINDOWS\Ewdmcwkm.dll O2 - BHO: CExtension Object - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Search - {7806034E-68D6-FFDE-318F-789556D24A27} - C:\WINDOWS\Ewdmcwkm.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [bxsx5] RunDLL32.EXE C:\WINDOWS\bsx5.dll,DllRun O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17744da1...p/RdxIE601.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab |
Hi Memetic,
First glance, you have a few nasties there.. :) I'm off out in about 2 minutes, but I'll go through it when I get back.. 11.30pm ish UK time. Cheers Liam |
Thanks Liam - I saw BargainBuddy and NaviSearch which I think might be the guilty parties but have not had a go at them yet.
I'll be gathering all the info then paying a visit or making a long phone call to do a clean up. Memetic |
Hi Memetic,
I'm back.. give me 20 minutes or so, and I'll let you know what to do next. Cheers Liam |
Memetic,
Next time, when you run HJT, please shut down all the programs before running it, so we do not have to search though so many programs. My guess is you were hit by: BookedSpace I took a quick look and these looked suspect: C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\NaviSearch\bin\nls.exe C:\Program Files\BullsEye Network\bin\bargains.exe Then these are ones you will want HJT to fix: R3 - URLSearchHook: (no name) - {D273C035-12EB-D6AB-3B62-3244E4BEFAE4} - C:\WINDOWS\Ewdmcwkm.dll O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-AB2D-8D32436313D9} - C:\WINDOWS\bsx5.dll O2 - BHO: (no name) - {689B1528-F725-4AA8-F5DA-91711D3A7353} - C:\WINDOWS\Ewdmcwkm.dll O2 - BHO: CExtension Object - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll O2 - BHO: (no name) - {689B1528-F725-4AA8-F5DA-91711D3A7353} - C:\WINDOWS\Ewdmcwkm.dll O2 - BHO: CExtension Object - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Search - {7806034E-68D6-FFDE-318F-789556D24A27} - C:\WINDOWS\Ewdmcwkm.dll O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) There could be more, I did not get to go though everything. Take Care, Richard P.S. If you like, you could also remove fastfind.exe from your Startup Directory. It has never worked right for M$. |
Hi,
The first thing you need to do, is to place Hijack This in it’s own folder (e.g. C:\HJT\….) so it can generate backup files to the same folder; needed should an entry be accidentally deleted. Then please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close all browser windows and click the Fix checked button… R3 - URLSearchHook: (no name) - {D273C035-12EB-D6AB-3B62-3244E4BEFAE4} - C:\WINDOWS\Ewdmcwkm.dll O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-AB2D-8D32436313D9} - C:\WINDOWS\bsx5.dll O2 - BHO: (no name) - {689B1528-F725-4AA8-F5DA-91711D3A7353} - C:\WINDOWS\Ewdmcwkm.dll O2 - BHO: CExtension Object - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Search - {7806034E-68D6-FFDE-318F-789556D24A27} - C:\WINDOWS\Ewdmcwkm.dll O4 - HKLM\..\Run: [bxsx5] RunDLL32.EXE C:\WINDOWS\bsx5.dll,DllRun O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) Next, please double click on the My Computer icon on the desktop. Go to Tools | Folder Options, click on the View tab and make sure that Show hidden files and folders is checked. Also uncheck Hide protected operating system files. Now click Apply to all folders, then click Apply then OK. Then boot into safe mode, (see here for info if needed) and delete the entire contents of the C:\Windows\Temp folder, but not the folder itself. Next please find and delete the following bolded files... C:\WINDOWS\Ewdmcwkm.dll C:\WINDOWS\bsx5.dll C:\WINDOWS\bs3.dll C:\WINDOWS\System32\nvms.dll C:\WINDOWS\System32\mscb.dll C:\WINDOWS\System32\msbe.dll Then please boot back into normal mode and download AdAware SE from here. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Next, we need to configure Ad-aware for a full scan. Click on the Gear icon (second from the left) to access the preferences/settings window 1. In the General window make sure the following are selected: · Automatically save log-file · Automatically quarantine objects prior to removal · Safe Mode (always request confirmation) 2. Click on the Scanning button on the left and select : · Scan Within Archives · Scan Active Processes · Scan Registry · Deep Scan Registry · Scan my IE favorites for banned URL’s · Scan my Hosts file · Under Click here to select drives + folders, choose: · All of your hard drives | Proceed 3. Click on the Advanced button on the left and select: · Include additional process information · Include additional file information · Include environment information 4. Click the Tweak button and select: · Under the Scanning Engine: · Unload recognized processes & modules during scan · Include additional Ad-aware settings in logfile · Under the Cleaning Engine: · Let Windows remove files in use at next reboot 5. Click on Proceed to save the settings. 6. Click Start and on the next screen choose: · Use Custom Scanning Options 7. Click Next and Ad-aware will scan your hard drive(s) with the options you have selected. When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next). Next, please reboot again and download Spybot - Search & Destroy 1.3 from here: if you haven't already got the program. Click on Updates | Download Updates, and follow the prompts. Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED. Next reboot and go here, and run the online virus scan; choosing the Autoclean option just before clicking the Scan button. Then please post a new log for a final once over. Cheers Liam |
Liam,
Looks like we hit just about the same files. :ok: Richard P.S. But you always give better advice on removal and repair. ;) |
Thanks
Thanks for the detailed answers Richard & Liam. :ok:
I'll forward the info then get on the phone tomorrow. (Hmm make that today :zzz: ) |
Memetic,
Let us know how it turns out, and post a new Log after you apply the fixes. Take Care, Richard |
Results...
Here are the post clean up results.
DvzIncMsgr.exe is not a pest, it's an application used by the PalmPilot (http://www.dataviz.com/) This machine still needs SP2 put on it but we were reluctant to do that before killing off the bugs and sloviing the very slow start up. Any thing else here anyone sees as being suspicious? VBR Memetic. --- Logfile of HijackThis v1.98.2 Scan saved at 17:52:04, on 23/11/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\WINDOWS\Dit.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\htpatch.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\DitExp.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Common Files\Real\Update_OB\realevent.exe C:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =3D = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =3D = http://www.medion.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - = C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - = C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common = Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home = CinemaXL\PowerCinema\PCMService.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe = -CheckReg O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control = Panel\atiptaxx.exe O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone = Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" = /background O4 - Startup: HotSync Manager.lnk =3D C:\Palm\HOTSYNC.EXE O4 - Global Startup: DataViz Inc Messenger.lnk =3D C:\Program = Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: Microsoft Find Fast.lnk =3D C:\Program = Files\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: Microsoft Office.lnk =3D C:\Program Files\Microsoft = Office\Office10\OSA.EXE O4 - Global Startup: Office Startup.lnk =3D C:\Program Files\Microsoft = Office\Office\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - = res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} = - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Yahoo! Messenger - = {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - = C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - = {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - = C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O12 - Plugin for .spop: C:\Program Files\Internet = Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=3Dhttp://www.medion.com O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus = scanner) - = http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} = (PPSDKActiveXScanner.MainScreen) - = http://www.pestscan.com/scanner/axscanner.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - = http://software-dl.real.com/17744da1...p/RdxIE601.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - = http://a840.g.akamai.net/7/840/537/2...dmicro.com/ho= usecall/xscan53.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI = Registry Information Class) - = http://security.symantec.com/sscv6/S.../bin/cabsa.cab |
Hi Memetic,
You're good to go.. :ok: :) Off you go now to get SP2. :) Just remember that SP2 includes a firewall that runs (IIRC) at startup, by default. I haven't seen how effective it is for myself, but it can't be any worse than the standard one. You may wish to disable it in preference to ZA, and that would be my choice from what I've seen. Perhaps those that have gotten a feel for it can offer more advice. Cheers Liam |
Memetic,
Glad to see you are all set now. :ok: Take Care, Richard |
Thanks
Thanks for the advice gents.
He's got SP2 on CD ready to go on. I expect it'll be ZoneAlarm as opposed to the Microsoft firewall. I have seen conflicting info on whether the firewall in XP SP2 does outbound protection and as there is more than one machine on the network there having outbound protection too seems sensible. Regards Memetic |
| All times are GMT. The time now is 13:30. |
Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.