[bilnrobn]

From time to time my system just locks up for no obvious reason... When this happens there is no error message, it just stops working. The mouse will still move the cursor but that is all. Mouse buttons, scroll wheel and all keyboard keys do nothing and Ctrl/Alt/Delete doesn't do anything either. I run Norton AV, AdAware and Spybot regularly and do a monthly full ScanDisk followed by Disk Defrag. It seems to happen more when I am online and running OE, but that may not be significant.
Here is a Hijack This I just ran:

Logfile of HijackThis v1.97.7
Scan saved at 7:59:39 PM, on 5/04/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\GENIUS NETSCROLL + SERIES MOUSE\MOUSEELF.EXE
C:\WINDOWS\SYSTEM\SKDAEMON.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\REGPROT\REGPROT.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\SKSMAILD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNDAL.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [mouseElf] C:\Program Files\Genius NetScroll + Series Mouse\mouseElf.exe
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PersFw] "C:\Program Files\Kerio\Personal Firewall\persfw.exe" /hide
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Startup: ResourceMeter.lnk = C:\WINDOWS\RSRCMTR.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: http://www.ozpwc.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37887.8282175926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = wn.com.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 203.194.27.57,203.194.56.150

Any suggestions would be much appreciated.

 

[sir_comp]

windows ME likes to freeze. What can I say except Micrsoft's worst OS try upgrading to 2000 or XP.

 

[starwaves77]

Bilrobn,
Your free and clear, that is a good log, your defense system is excellent~! Glad to see you have RegProt running, since you like having your system so well defended consider adding this tiny freeware script protection, Script Sentry

Script Sentry allows safe scripts to run on your system while alerting you if a script might harm your system. In addition, Script Sentry prevents against malicious scripts hidden in ShellScrap (hidden SHS and SHB extensions) files, Word/Excel macro viruses, malicious HTA files, and accidentally run REG files.

There are a couple things in the log that come down to 'your choice',

I would remove this, run Hijack again, check these two and click 'fix'

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNDAL.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

They're connected to Real One Player, and are using 'your system' for update fuel, I'd nix it, but it's your choice, your better off using a player like WINAMP,

When they connect to the internet for updates it's possible your system hangs, removing Real One would confirm that,

 

[flavallee]

Bilnrobn:

About a week ago, I spent 7 hours working on a Windows ME computer that was freezing up frequently and had the owner to the point of heaving it out the front door. By the time I was done, it was running fine and she was happy as a lark. The problems that I found:

Numerous Windows critical updates that needed to be installed.

1,500+ temporary files that needed to be deleted.

200+ spyware/malware files that needed to be deleted.

A bloated startup load that needed to be trimmed down.

Some setting changes that needed to be made to reduce the load on the display adapter.

A hard drive that hadn't been defragged in over a year.

Several programs and hardware drivers that needed to be updated.

 

[bilnrobn]

Thanks guys!

Starwaves77, I have downloaded Script Sentry. It looks to be a good addition to my protection... thanks for that.
I ran HT again and told it to fix evntsvc.exe. rndal.exe wasn't on the list this time for some reason I don't understand.
After fixing I found evntsvc.exe was still there and I also found rndal.exe. I made backups of both and then attempted to delete them. Should I have? It wouldn't let me delete evntsvc as it was being used by Windows, but it did delete rndal.
Regarding your suggestion to delete RealOne Player. I would prefer not to as, over a period, I have got quite a lot of music saved on it. I assume it would be a fairly big job to transfer it all across to an alternative.

Frank, thanks for your comments. I think I have most of those areas covered.

Sir Comp, all I can say is "tell me about it". I realise ME is a pain in the butt, but I find that generally I can live with it. The lock ups are perhaps a necessary evil if I stay with ME; I am just trying to minimise their occurance.

 

[bilnrobn]

Re Script Sentry, since my last post and the installation of Script Sentry my computer has slowed down alarmingly. Sites, including this one, have been taking for ever to come up. I finally closed all open windows and uninstalled it, (kept the zipped download), and since then speed is back to normal. It seems Script Sentry was the culprit, but I am not certain. Any comments?

 

[flavallee]

I'm guessing that your computer has 128 MB of RAM and has 8 MB of it reserved and used by an "on-board" display adapter. You should seriously consider adding another 128 MB. Windows ME will run better with 256 MB instead of 128 MB.

If you're using 56K dial-up, you should seriously consider switching to high-speed DSL or cable - if it's available in your area. It'll speed up your browsing experience tremendously.

 

[starwaves77]

Hi BilRobn,

Let me vouch for Script Sentry since I use it. You know your computer better than anyone else, so you have the feel of things and how to operate it, your judgement comes first. There is always room for an anomaly reaction with any computer, hence, your slowdown,

With that said, Script Sentry is not a ' huge running process' and has no size value, it simply sits and waits for something to pass by, expending no energy until then. If you were to ctrl alt del, it will not show up with the other programs. In other words it's not this giant energized process consuming resources and downloading updates from the mother ship on the internet. . and that's one of the reasons I really like it.

Script Sentry is a "set it and forget it" application so it takes up exactly 0MB of memory unless it's needed

You could try it again and see if you detect the same performance problem. Here is another script detective you could also try instead: Script Defender

"Script Defender will intercept any request to execute the most common scripting types used in virus attacks, such as Visual Basic Scripting (.VBS), Java Script (.JS), etc and can even be configured to intercept new script extensions as needed! ."

Another to try:
Script Trap

I understand your connection with Real One, if you ever wanted to try something else, all you have to do is search in find for your Mp3 files, then look at the folder they are in, right click on it, select 'copy', create a new folder (My Mp3), then right click and select 'paste', you now have a backup of your mp3's that will be located when you install a new player, and your windows folder will not be changed or removed since any new player will use a 'shared folder'

One more thought on Real One, you wouldn't have to remove or uninstall it, you could just choose to remove it's 'updating' entries in the Hijack log, they are the source of Real One's performance drawback,

 

[bilnrobn]

Thanks Starwaves77. Are they the two files you mentioned earlier? If so, as I said, I have deleted rndal.exe, but when I try to delete evntsvc.exe I get a "Can't delete, the specified file is being used by Windows" message. Maybe I should try deleting it from Safe Mode? (I have backed up both of these files in case I need to re-instal them). Thanks also for your comments on Script Sentry and Real One.
Frank, I have broadband, as of a couple of weeks ago, and download speed is usually good. My resource meter usually shows system and user resources about 65% free and GDI about 75%. I guess you are quite right, though, in suggesting some more RAM would be a good idea.

 

[starwaves77]

Hi BilnRobn,

I focused on that script sentry issue but did want to support Flavalee's thought on your RAM, , the cost would only be about $30 for a 128mb module, even better you could get a 256mb module in the range of $50 on sale, and install it yourself, totally worth it. But your system resources are good, 65%, mine can plunge to 18% or average 45%, with 256mb Ram, I do however have tons of programs running and I like it that way, I don't notice any serious performance drop off, but occasionally I get into a tangle, , another member WhitPhil gave an excellent discussion on system resources with an excellent link, I'll see if I can find that for you, found it System Resources FAQ & this one System Resources II

How to fix those Real One entries:

Everytime you start Real One it rebuilds that key and starts the eventsc.exe all over again,

So remove the key,
From Start / Run / Regedit

Navigate to this key by clicking on the +sign for each successive folder till you come to 'Run' , highlight it, look in the right pane for TkBellExe
Delete it,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Re-boot.
Run HIjack again, check for this entry, and click 'fix' to remove,.

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

----------
Now you can delete, or rename EVNTSVC.EXE to EVNTSVC.EXE.OLD whatever you feel comfortable with, the player does not need them, only the 'mothership' does,

 

[bilnrobn]

Thanks Starwaves77. I have followed your instructions and deleted TkBell. I then rebooted and ran HT and could not find evntsvc listed anymore. Here is my latest HT list...
Logfile of HijackThis v1.97.7
Scan saved at 8:12:06 AM, on 9/04/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\GENIUS NETSCROLL + SERIES MOUSE\MOUSEELF.EXE
C:\WINDOWS\SYSTEM\SKDAEMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SKSMAILD.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\REGPROT\REGPROT.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [mouseElf] C:\Program Files\Genius NetScroll + Series Mouse\mouseElf.exe
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScriptSentry] C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe /check
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PersFw] "C:\Program Files\Kerio\Personal Firewall\persfw.exe" /hide
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Startup: ResourceMeter.lnk = C:\WINDOWS\RSRCMTR.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: http://www.ozpwc.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37887.8282175926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = wn.com.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 203.194.27.57,203.194.56.150

(Incidentally, the computer locked up half way through the reboot. It was ok on the second try.)

 

[starwaves77]

BilnRobn,

Looks great,

Still thinking about 'resources' here's something I missed from before, your running a program called PC Health, check to see how often it's running,

To do that, go to Control Panel / 'Scheduled Tasks'

double-click 'PCHealth Scheduler for Data Collection', click on the 'Settings' tab and set the task to stop if it runs for more than 5 or 10 minutes ,

Then click the 'Schedule' tab, click 'Advanced' ,
change the 'Repeat Task Schedule' from 'Every 10 minutes' to 'every 4, 5, hours' etc, whatever you like,

Now test your system,

 

[bilnrobn]

I have PCHealth set up to run at 1615 hours daily and to run for no longer than 5 minutes. As I am not on the computer at that time every day, in practice it probably only runs a couple of times a week.

 

[bilnrobn]

I just noticed TKBell was back on the startup list. I went to regedit and removed it again.
I have RegistryProt active; maybe I should be more careful about what I allow to be set up in my registry.

 

[starwaves77]

I forgot you were using RegProt, if you removed TK from the registry and then it reinstalled again, RegProt will pop up and ask if you want to add this key to the registry "a change is being made at this key, etc, do you want to keep it?"

Click No,

The thing about RegProt is when you set it up initially it will pop up for your startup entries, agree to all, but after that agree to none unless your in the process of actually installing a 'new' program or some kind of program update, one your aware of.

The rule of thumb is:
reject all attempts to add a key to the registry. The exception is your in the process of installing a new program or update

Remember if you end up saying no to a 'key' being added your always erring on the side of safety and security, the worst that can happen is some program doesn't work the way it should, that can be reinstalled, but if one says 'yes, add the key' then the gateway for a trojan, virus, keylogger may have opened, that is a whole lot harder to deal with at that point, especially if your unaware,

Second Rule of Thumb:
RegProt will never randomly, or in a scheduled way present you with the choice to 'add a key', it only happens under two conditions:

a) your computer is being maliciously compromised at that moment
b) your in the process of installing a program you know about which happens 99% of the time.

There is a final concern:

You knowingly download and install a program that you want and that program itself is actually infected with a trojan program, it will install a key in the midst of all the legitimate keys. You won't be able to recognize it, so you have to have a backup program that will, that's where your antivirus, script defender, trojan detector program kicks in, it must recognize the threat or it will get installed, so definition updates are critical.

I have never been infected by any of the serious crippling virus's or trojans. Early on I had all the spyware/adware infections, all the classics, although I have received virus/attachment emails I never activated any. I've had several 'false positives' for trojans appearing in programs I downloaded and maybe 2 or 3 legitimate discovery's, and some windows vulnerabilities that were never exploited.

Speaking of trojans, I just received this email:Fraud Report , an extremely rare occurrance.

But of course, the most important defense of all is TECH GUY ~!

 

[bilnrobn]

Thanks for that very complete answer Starwaves. I appreciate your attentive replies. As to whether we have stopped the lockups, only time will tell as their occurance has always been spasmodic. Being an ME user I guess I can expect occasional lockups anyway.... it comes with the package!