SpyBot 1.4 -- possibly something bad attached?


#46
bloomcounty

Hard to tell. If it connects automatically, it could be pre-fetching mail.
Or it could be rearranging files, because your drive is heavily fragmented.


It's not connecting automatically. My dial-up connection box to connect doesn't come up until I actually click "send/receive". I also did that netstat check and it shows that no ports are "listening" (as far as I can tell).

-- bloomcounty

#47
bloomcounty

Metallica,

I now have installed AVG and ZoneAlarm (as well as reinstalled SpyBot 1.4, and have Ad-Aware 6 SE too).

I did not run the AVG scan in safe mode (just did the initial scan, which was right after it installed). Here is the log:

Partition table (MBR) ok Quick checked
Boot sector of disk C: ok Quick checked
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned
System registry exefile\shell\open\command Scanned
System registry scrfile\shell\open\command Scanned
System registry scrfile\shell\config\command Scanned
System registry batfile\shell\open\command Scanned
System registry cmdfile\shell\open\command Scanned
System registry comfile\shell\open\command Scanned
System registry piffile\shell\open\command Scanned
System registry giffile\shell\open\command Scanned
System registry htmlfile\shell\open\command Scanned
System registry htafile\shell\open\command Scanned
System registry jpegfile\shell\open\command Scanned
System registry txtfile\shell\open\command Scanned
System registry regfile\shell\open\command Scanned
System registry cplfile\shell\cplopen\command Scanned
System registry Word.Document.8\shell\open\command Scanned
System registry WordPad.Document.1\shell\open\command Scanned
C:\PROGRA~1\ACCESS~1\WORDPAD.EXE ok Quick checked
C:\PROGRA~1\GRISOFT\AVGFRE~1\avgamsvr.exe ok Quick checked
C:\PROGRA~1\GRISOFT\AVGFRE~1\avgcc.exe ok Quick checked
C:\PROGRA~1\GRISOFT\AVGFRE~1\avgemc.exe ok Quick checked
C:\PROGRA~1\GRISOFT\AVGFRE~1\avgw.exe ok Quick checked
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE ok Quick checked
C:\Program Files\Microsoft Office\Office\WINWORD.EXE ok Quick checked
C:\WINDOWS\NOTEPAD.EXE ok Quick checked
C:\WINDOWS\REGEDIT.EXE ok Quick checked
C:\WINDOWS\RUNDLL32.EXE ok Quick checked
C:\WINDOWS\SCANREGW.EXE ok Quick checked
C:\WINDOWS\SYSTEM\MSHTA.EXE ok Quick checked
C:\WINDOWS\SYSTEM\SHELL32.DLL ok Quick checked
C:\WINDOWS\SYSTEM\SYSTRAY.EXE ok Quick checked
C:\WINDOWS\TASKMON.EXE ok Quick checked
C:\WINDOWS\SYSTEM\kernel32.dll ok Quick checked
C:\WINDOWS\SYSTEM\wsock32.dll ok Quick checked
C:\WINDOWS\SYSTEM\user32.dll ok Quick checked
C:\WINDOWS\SYSTEM\shell32.dll ok Quick checked


...looks like everything's clear, right? So do I need to rerun it in SAFE MODE? If so, how do I do that?

Also, what should all my settings be in AVG?

As for ZoneAlarm, for the general settings, I have it set to:
- Check for updates: automatically
- Load ZoneAlarm at startup

...but do I check "protect ZoneAlarm client" -- what is that?

What should my settings be for the Contact with Zone Labs section?

In the Firewall Section, I have it set as:
Main - with both Internet zone security and trusted zone security set for HIGH
Zones - Trusted Zone has only one thing -- it lists a PPP Adapter. Originally, this was all zeros for the IP/Site Address column (0.0.0.0/0.0.0.0 or something like that). But *now* it actually has an IP Address / Site address listed. What is this? Should that be there?

I have the Program Control set to Medium (so it asks me each time), with the AVG Email scanner and update downloader, firefox and outlook express all set with a checkmark for trusted. Is that right?

Email protection is set to off (since AVG is doing that).

I finally had it stop showing me the blocked intrusions since there's been 166 of them since yesterday (and I've only been on-line maybe a total of an hour at most!) -- there were like 10 in the first two minutes! And I only have dial-up! Is that normal or is it a sign that something weird's going on? (They were all listed as "medium" except for two listings that were "high".)

Any reason to post that log? If so, how can I?

And what should the rest of the settings, if any, be set to?


So should my computer be safe now? Can I be secure in knowing that there's nothing bad on there?

Thanks for the help! :tazz:

-- bloomcounty

#48
Bazzrr

Not sure if you have taken this further, but have just seen the same thing.
Here is a link to Microsoft:
http://support.micro...om/?kbid=902956

I found the Microsoft link at this site:
http://malektips.com...stroy_0041.html

It would appear that Spybot is attempting to block 139mm.com by adding to the restricted sites zone.
But Microsoft Anti-Spyware has a problem with Spybot doing this (and possibly for other sites).

To quote the Microsoft site:
"The real-time monitoring does not distinguish between additions to the restricted sites zone and additions to the trusted sites zone."

So you should click "allow" when Microsoft prompts you, and Spybot is then able to do the block.

Hope this makes it clear.
  • 0
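
The point in post #48 can be checked by looking at which zone number an addition actually carries. The following is an added example, not part of any post in this thread: it reads a regedit export of the Internet Explorer ZoneMap\Domains branch and groups hosts by zone (2 is Trusted sites, 4 is Restricted sites). The sample export is constructed, and example.test is a made-up host.

```python
import re

# Internet Explorer security zone numbers
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
DOMAINS_KEY = r"\Internet Settings\ZoneMap\Domains" + "\\"

# Constructed sample export; the example.test entry is made up.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\139mm.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\www]
"http"=dword:00000002
'''

def parse_zone_map(reg_text):
    """Return [(host, scheme, zone_number)] from a ZoneMap\\Domains export."""
    entries, host = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            idx = key.lower().find(DOMAINS_KEY.lower())
            if idx == -1:
                host = None          # key outside the Domains branch
                continue
            # Subkeys are stored domain-first: Domains\example.test\www
            parts = key[idx + len(DOMAINS_KEY):].split("\\")
            host = ".".join(reversed(parts))
        elif host:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                entries.append((host, m.group(1), int(m.group(2), 16)))
    return entries

def review(reg_text):
    """Group hosts by zone name so restricted and trusted additions are
    told apart, which the quoted real-time monitoring does not do."""
    report = {}
    for host, _scheme, zone in parse_zone_map(reg_text):
        report.setdefault(ZONES.get(zone, "zone %d" % zone), []).append(host)
    return report

if __name__ == "__main__":
    for zone_name, hosts in review(SAMPLE_REG).items():
        print(zone_name, hosts)
```

An entry under Restricted sites is a block of the kind Spybot adds; an unexpected entry under Trusted sites is the one worth a closer look.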

#49
bloomcounty


Not sure if you have taken this further, but have just seen the same thing.
Here is a link to Microsoft:
http://support.micro...om/?kbid=902956

I found the Microsoft link at this site:
http://malektips.com...stroy_0041.html

It would appear that Spybot is attempting to block 139mm.com by adding to the restricted sites zone.
But Microsoft Anti-Spyware has a problem with Spybot doing this (and possibly for other sites).

To quote the Microsoft site:
"The real-time monitoring does not distinguish between additions to the restricted sites zone and additions to the trusted sites zone."

So you should click "allow" when Microsoft prompts you, and Spybot is then able to do the block.

Hope this makes it clear.


Yeah, that makes sense -- thanks! I actually decided not to use SpyBot on the machine at work (we've got Ad-Aware and eTrust and our computer-guys said that should be enough). And at home I've got Windows 98, so I can't use MS Anti-spyware, so I use Ad-Aware and Spybot (and AVG and that free firewall program whose name escapes me at the moment).

-- bloomcounty