Another AxFreePorn/InstantAccses Dialer - need help please

Hello,

This is my first post here, very nice site, I'll be returning even when im not looking for virus help

Ok, I thought I had finally got rid of it last night, but after some time connected it did reappear again.

My windows updates are current now, I've run AVG, Spybot S&D, Ad-aware, and Housecall from Trendmicro.

I'm able to stop it with ASquared Anti Dialer, but that isnt getting rid of it.

After searching the site, I noticed theres no quick fix for this, and that your helping people on an individual basis.

Here's my HiJackThis log:
---------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:00:59 AM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\j2re1.4.2_06\bin\bak\jusched.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\internet explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105083902427
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

---------------------------

Thanks in advance!

 

welcome to WindowsBBS Thazul

Your log shows evidence of an AWF infection, which has thus far been present with the several other AxFree infections we've seen, sugesting it is the source. Please update AVG Antispyware and run a scan as outlined below.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

• Click on Scanner on the toolbar.
• Click on the Settings tab.
  • Under How to act?
    • Click on Recommended Action and choose Quarantine from the popup menu.
  • Under How to scan?
    • All checkboxes should be ticked.
  • Under Possibly unwanted software:
    • All checkboxes should be ticked.
  • Under Reports:
    • Select Automatically generate report after every scan and uncheck Only if threats were found.
  • Under What to scan?
    • Select Scan every file.
• Click on the Scan tab.
• Click on Complete System Scan to start the scan process.
• Let the program scan the machine.
• When the scan has finished, follow the instructions below.
  IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button. (3)
• When done, click the Save Scan Report button. (4)
  • Click the Save Report as button.
  • Save the report to your Desktop.
• Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot. Post the contents of that report.

Download FindAWF from the link below, saving to the desktop.

http://noahdfear.geekstogo.com/FindAWF.exe

Double click it to run and follow the prompts. Please post the contents of the AWF.txt log it creates.

 

noahdfear, thank you so much for assisting me! I really appreciate it.


Here is the AVG Anti-Spyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:25:23 PM 3/18/2007

+ Scan result:



C:\Documents and Settings\Le Mons\Local Settings\Temp\178Psiea.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).


::Report end




Here is the awf.txt:


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\EARTHL~2\BAK

08/04/2004 06:12 PM 921,600 TaskPanl.exe
1 File(s) 921,600 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/07/2005 01:44 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

09/28/2004 08:26 PM 32,881 jusched.exe
1 File(s) 32,881 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

24588 Jan 29 2007 "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe "
921600 Aug 4 2004 "C:\Program Files\EarthLink TotalAccess\bak\TaskPanl.exe "
24588 Jan 29 2007 "C:\Program Files\QuickTime\qttask.exe "
98304 Jan 7 2005 "C:\Program Files\QuickTime\bak\qttask.exe "
24588 Jan 29 2007 "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe "
32881 Feb 25 2005 "C:\Documents and Settings\Le Mons\Desktop\jre\bin\jusched.exe "
32881 Sep 28 2004 "C:\Program Files\Java\j2re1.4.2_06\bin\bak\jusched.exe "


end of report


Thanks again!

 

Please add the following files to a zipped file and submit them at the link below.

C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

http://www.bleepingcomputer.com/submit-malware.php?channel=22

They are rogue files that replaced the originals and moved the originals into a bak folder within the same directory.

Next, open Task manager to the Processes tab and if any of those three exes has a running process, end process on them. Then, delete those three files, open the bak folder within each file's location, then copy the original and paste it back into the directory you deleted the rogue from.

If there is an InstantAccess icon on the desktop, delete it.
If there is an AxFreePorn dialup connection present, delete it.

Download ATF Cleaner by Atribune and save it to your Desktop.

http://www.atribune.org/ccount/click.php?id=1

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
Recycle bin


The rest are optional - if you want it to remove everything it can, check "Select All ".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program to clean out their temporary files as well.

When you have finished, click on the Exit button in the Main menu.

Reboot, then run FindAWF again and post the log.

 

Files have been submitted in a zip called Thazul.zip

Here is my latest awf.txt


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\EARTHL~2\BAK

08/04/2004 06:12 PM 921,600 TaskPanl.exe
1 File(s) 921,600 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/07/2005 01:44 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

09/28/2004 08:26 PM 32,881 jusched.exe
1 File(s) 32,881 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

921600 Aug 4 2004 "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe "
921600 Aug 4 2004 "C:\Program Files\EarthLink TotalAccess\bak\TaskPanl.exe "
98304 Jan 7 2005 "C:\Program Files\QuickTime\qttask.exe "
98304 Jan 7 2005 "C:\Program Files\QuickTime\bak\qttask.exe "
32881 Sep 28 2004 "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe "
32881 Feb 25 2005 "C:\Documents and Settings\Le Mons\Desktop\jre\bin\jusched.exe "
32881 Sep 28 2004 "C:\Program Files\Java\j2re1.4.2_06\bin\bak\jusched.exe "


end of report


Thanks Dave, you're a life saver!

 

Thanks for the files. Delete the following bak folders.

C:\Program Files\EarthLink TotalAccess\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Java\j2re1.4.2_06\bin\bak

Scan again with HijackThis and place a check next to the following entry, close all other open windows and then click Fixed Checked.

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Exit HijackThis.

If you have used msconfig to disable items from startup, please re-enable them and reboot, then post a fresh HijackThis log, unless you know the disabled items are to valid programs that you opted to disable, in which case, I'd just like to see a fresh HijackThis log.

 

Ok, folders deleted, r3 in HijackThis Fixed.
There was 1 thing I had unchecked in msconfig startup, and that was because it's Startup Item name is blank. its command is blank as well, but it's location is HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Here is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:31:00 PM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105083902427
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Thanks again!

 

Are you comfortable using regedit?

 

Yes, very much so.

 

Great! Navigate to and select the following key.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

In the right pane, you should see a Default entry and an entry like the next.

~CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Right click that entry and delete. Then right click a blank area and select New>String Value. Name it

{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

and leave the data field blank. (note, you can copy and paste the name)
If you'd like to remove that empty run entry, you can re-enable it in msconfig, exit without restart, log off and back on, then navigate to the key and delete the blank entry.

Close regedit. Post a new HijackThis log.

I also recommend you install a good antivirus program and a firewall. There are several free versions of each available if you don't want to purchase something.

 

Ok,

I got rid of that blank run entry.
Then I went and deleted the entry you said, but the one you wanted me to create was already there so I just left it alone.

Which Free Anti-Virus/Firewall do you recommend?

Here is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:40:44 PM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105083902427
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Thank you so much

 

Logs look good.

Many folks are using AVG Free or Antivir, and either Zone Alarm Free or Kerio Personal Firewall. All are good and preferable to none at all. Personally, I prefer to use eTrust, and feel it well worth the $40 for the security suite.
http://home3.ca.com/Microsoft/Default.aspx?sc_lang=en-US
Note that I'm pretty sure that Vista 1yr free will still work on XP machines , but only the antivirus part of the suite applies. The other option there would be the 90 day trial on the entire suite for XP users. I believe aquiring a license after the trial period is cheaper too, but don't hold me to that. LOL

So has your problem with AxFree been resolved? Anything else that may need addressed?

 

I think AxFreePorn is gone, I haven't been disconnecetd yet.

Now to get the firewall/anti virus on here.

Should I leave AVG Anti-spyware Guard feature on, and in the startup?

Thank you very much, I really appreciate it.

 

The guard feature will only work during the 30 day trial period, as with some of the other features, and should be disabled at that time.

http://free.grisoft.com/doc/20/lng/us/tpl/v5


Happy to help!