Some of the Security Utilities in Detail
TurcoLoco 10-25-2006, 03:16 PM
HJT1.99_XP and HJT2.0_XP install to the 'Program Files' folder, which is a more conventional installation location for those who prefer it; other than that they are essentially the same as the previous versions.
http://img504.imageshack.us/img504/2498/hjtbe3.th.jpg (http://img504.imageshack.us/my.php?image=hjtbe3.jpg)
TurcoLoco 10-30-2006, 04:30 PM
http://aycu02.webshots.com/image/11281/2002845820863096176_th.jpg (http://allyoucanupload.webshots.com/v/2002845820863096176)
A: shows the options I normally select/unselect during the installation of CCleaner. Adding the Open/Run CCleaner option to Recycle Bin’s right-click menu makes it easy to open and/or run the program from a single location while keeping the desktop cleaner by omitting the shortcut.
B: shows my choices under Options > Settings. I normally do not select the ‘Run CCleaner when computer starts’ option. I like to run the program manually. Selecting this option will place the entry under HKCU/Run key, so it is a user specific option. If there is a single user profile on the machine and multiple people are using it, then it would make sense to select this option.
C: shows my selections under the Options > Advanced section. I found it more convenient to have the program exit upon completing the process. For novice users, selecting ‘Hide warning messages’ would be a good idea as the program will pop a message giving detailed info when a critical checkbox is selected on main Cleaner list under Windows tab. The warnings would help a novice user decide which locations to have the program clean or not.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://aycu18.webshots.com/image/8177/2002889809651006089_th.jpg (http://allyoucanupload.webshots.com/v/2002889809651006089)
A: shows the options selected by default. This should be suitable for most but advanced users or those who are infected should re-configure by using one of the following as a guide.
B: shows all available options selected which I’d recommend if your system was infected with malware or if you want a thorough system cleaning. The options boxed in red are the selections that are most likely to free up a significant amount of disk space. The ‘Hotfix Uninstallers’ option, without a doubt, would free up lots of space since it deletes Windows update uninstallers that are usually around 20 to 30 Megabytes.
But beware; if you need to uninstall an update file that could be causing problems, you would need the related uninstall file so do not select this option unless you are certain that all Windows security and system updates are working OK and that you will not need to uninstall any of them.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://aycu38.webshots.com/image/12157/2002896553435079105_th.jpg (http://allyoucanupload.webshots.com/v/2002896553435079105)
C: shows the options I have selected for everyday use. For some users, the default options (all under Internet Explorer, Windows Explorer and System branches selected) could be suitable too but I found it a bit overkill for everyday use.
D: shows the default application-type based list that CCleaner will use to scan and clean. Advanced users should also configure this to their needs but most others would be OK with the default settings.
Additional notes: The latest version is still a bit unreliable as far as the registry cleaner (Issues) functionality goes. I’d suggest you use one of the other 3rd party utilities mentioned on my list.
Also the ‘Uninstall’ and ‘Startup’ features under the Tools section are really nice. Especially the ‘Uninstall’ is a superior tool to Windows’ own Add-Remove Programs applet. Although the ‘Startup’ function is nice too, there are better alternatives mentioned on my utility list.
~TL :cool:
TurcoLoco 10-30-2006, 10:59 PM
These are 2 of my favorite utilities for monitoring startup entries to disable or delete the unwanted ones.
Autoruns scans other areas and provides logging function which StartupControlPanel lacks, however the strength of SCPL is its user friendly interface and also the fact that it moves all entries to 'Deleted' section providing an extra safety net. It is best not to delete the already deleted entries until you are absolutely certain the related entries are malware related or something you will never need.
Autoruns (http://www.microsoft.com/technet/sysinternals/Utilities/AutoRuns.mspx): http://aycu22.webshots.com/image/11301/2005822488124215640_th.jpg (http://allyoucanupload.webshots.com/v/2005822488124215640)
The first thing to do after launching Autoruns is to click Options then check the 'Hide Microsoft entries' option, then click on the Refresh button to have the program rescan and hide the MS related entries. Why should you do this?
2 reasons; by selecting this option you omit the safe and system critical entries that a user without a good reason and knowledge should not be messing with. Secondly, once the MS entries are excluded, the list becomes much shorter, making it easier to spot the legit 3rd party entries, missing or invalid entries and even -possibly- malware related ones.
Most users should only modify the top sections where the section path refers to either the 'HKLM\..\...\Run' or 'HKCU\..\...\Run' locations in the registry.
For the rest of the listing, please ask the advice of a knowledgeable person.
StartupControlPanel (http://www.mlin.net/StartupCPL.shtml) (SCPL): http://aycu05.webshots.com/image/8804/2005860003883721484_th.jpg (http://allyoucanupload.webshots.com/v/2005860003883721484)
There are 7 tabs of which 6 are functional and for the most part only 5 are normally used.
1) Startup (user) refers to the shortcuts placed in the C:\Documents and Settings\username\Start Menu\Programs\Startup path. Normally, startup entries appear here due to a program option that the user selected.
2) Startup (common) refers to the shortcuts placed in the C:\Documents and Settings\All Users\Start Menu\Programs\Startup path. The startup entries that appear here are commonly placed by the program in question during its installation.
3) HKLM / Run refers to the Local Machine run entries located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run path. The startup entries that appear here are commonly placed by the program in question during its installation.
4) HKCU / Run refers to the Current User run entries located at HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run path. Normally, startup entries appear here due to a program option that the user selected.
5) Run Once refers to the Local Machine run entries located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce path. Generally, an entry will appear here if a program needed an extra step to complete its uninstallation or another one-time process that couldn't be done without a system restart.
Examples of such entries:
If Spybot failed to delete all selected infection related entries for whatever reason, it might prompt the user to see if the process should be run on next bootup so it could be completed.
You connected remotely to another PC using Netmeeting; the program will place an entry to remove cached application files/settings on next boot up.
You uninstalled a program (legit or malware) and it prompted that certain files would be removed on next startup.
If the related program is an identified spyware type application, be careful! Some of these pesky apps could place a startup entry here that could re-initiate the program's installation or launch some other apps, pop-ups, etc.
It could be best to delete these entries after writing down the path of the file, deleting the startup entry, then after rebooting, deleting the file and all matching registry entries. Of course, you should consult an expert before taking this type of an action to make sure you won't cause more harm.
Both programs will create a new registry key when the user disables (unchecking the box of) an entry; SCPL will create another since it also allows deleted entries to be recovered from the Deleted section.
~ Autoruns will store the disabled entries at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled
http://aycu18.webshots.com/image/11937/2005886121795210720_th.jpg (http://allyoucanupload.webshots.com/v/2005886121795210720)
~ SCPL will store the disabled/deleted entries at: HKEY_CURRENT_USER\Software\mlin\StartupCPL\Disabled and HKEY_CURRENT_USER\Software\mlin\StartupCPL\Deleted
Final Note: Use only one of these utilities to disable/delete startup entries to prevent confusion and mistakes. For everyday use SCPL is definitely an easier, more practical and safer tool to use. After installing a program, use SCPL to see if it created any related startup entries without informing you or not...;)
~TL :cool:
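A way to snapshot and compare the registry launch points listed in the post above, as an added example that is not part of the original thread. It parses the text of `reg export` output (files on disk are UTF-16, so read them with `encoding="utf-16"`); the function names, sample program names and paths are made up, and it assumes entries under the Autoruns and SCPL keys are plain string values.

```python
import re

# Launch points named in the post, keyed by lower-cased registry path.
LOCATIONS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run": "HKLM / Run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run": "HKCU / Run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce": "Run Once",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run\autorunsdisabled": "Disabled (Autoruns)",
    r"hkey_current_user\software\mlin\startupcpl\disabled": "Disabled (SCPL)",
    r"hkey_current_user\software\mlin\startupcpl\deleted": "Deleted (SCPL)",
}
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # "name"="string data"

def classify(key):  # most specific launch point a key falls under, or None
    key = key.lower()
    hits = [p for p in LOCATIONS if key == p or key.startswith(p + "\\")]
    return LOCATIONS[max(hits, key=len)] if hits else None

def parse_reg(text):  # -> {(launch point, value name): command}
    entries, label = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            label = classify(line[1:-1])      # keys outside LOCATIONS are skipped
        elif label and (m := VALUE.match(line)):
            name, cmd = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())  # undo \\ and \"
            entries[(label, name)] = cmd
    return entries

def diff(before, after):  # entries added, changed and removed between snapshots
    added = {k: v for k, v in after.items() if k not in before}
    changed = {k: (before[k], v) for k, v in after.items() if before.get(k, v) != v}
    removed = {k: v for k, v in before.items() if k not in after}
    return added, changed, removed

# Constructed sample snapshots (not taken from a real machine).
RUN = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BEFORE = rf'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE{RUN}]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"
[HKEY_CURRENT_USER{RUN}]
"ExampleChat"="C:\\Program Files\\ExampleChat\\chat.exe"'''
AFTER = rf'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE{RUN}\AutorunsDisabled]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"
[HKEY_LOCAL_MACHINE{RUN}Once]
"cleanup"="C:\\Temp\\cleanup.exe"
[HKEY_CURRENT_USER{RUN}]
"ExampleChat"="C:\\Temp\\chat.exe"'''
```

Calling `diff(parse_reg(BEFORE), parse_reg(AFTER))` on the samples shows ExampleTray moving from HKLM / Run to the Autoruns disabled key, a new Run Once entry, and a changed path for ExampleChat.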
TurcoLoco 10-31-2006, 01:59 AM
One of the most popular spyware scanners, also, imho, one of the decent ones. Spybot S&D has a lot of features that most people either do not know about or do not bother to use but I urge you to get to know the program a bit more because there are some really neat and useful functions hidden under its menus.
Here is the process that I'd suggest that you follow with each standard installation:
1. Download the program if it is not locally stored, then install it.
2. Launch the program, at the main menu, click 'Search for Updates' button to initiate the program's internal update process.
3. If any updates are available, right-click on any one of them and click 'Select All'.
4. Pick a download location that is close to you for faster download, then start the update process.
http://aycu24.webshots.com/image/11983/2001638224929731500_th.jpg (http://allyoucanupload.webshots.com/v/2001638224929731500)
*5. Once done, close out of the program and visit Spybot's home page (http://www.safer-networking.org/en/download/) and download the latest definition update file and install it. This allows the 'Ignored Products' to be listed under Advanced Mode > Settings screen which otherwise might not be visible by running the automated update process alone.
http://aycu04.webshots.com/image/11403/2001627375305212013_th.jpg (http://allyoucanupload.webshots.com/v/2001627375305212013)
6. After the manual update, click on Mode and select Advanced Mode. Click Yes at the confirmation screen.
http://aycu17.webshots.com/image/12696/2001615078185033902_th.jpg (http://allyoucanupload.webshots.com/v/2001615078185033902)
7. Click Settings, then the Ignored Products option and scan through the 'All Products' list to make sure no boxes (products) are selected; uncheck the ones found. As of this writing a total of 3 entries (2 C-Dilla and 1 SideStep) should be checked on the list. Uncheck if you find any others as well.
http://aycu31.webshots.com/image/11590/2001623442271912129_th.jpg (http://allyoucanupload.webshots.com/v/2001623442271912129)
8. Under Tools section, click Resident option and make sure to activate (check) the 'Resident SD Helper' option which is very similar to SpywareBlaster's malicious ActiveX blocking feature.
http://aycu34.webshots.com/image/10753/2001624689022740009_th.jpg (http://allyoucanupload.webshots.com/v/2001624689022740009)
9. Under the Spybot-S&D section on the side bar, click on Immunize button to create a preventative layer against spyware.
Also view the ActiveX, BHOs, Hosts File and Winsock LSPs sections as these locations could display malware related entries when a system gets infected.
Identified malware related entries will normally be marked with a Red X and known or presumably legit entries would have a green checkmark. Since unknown entries could be tagged with a green checkmark, I suggest you examine each entry very carefully in the event of an infection.
The default Hosts File would only have a 'localhost' entry with an IP of 127.0.0.1, which is a software based IP address that is used to diagnose the installed TCP/IP protocol(s) to see if they are functioning properly.
Winsock LSPs, if damaged by an infection, could break network connection altogether.
Final Note: It'd be worth creating a report file by using the Tools > View Report feature.
If an infection takes place, comparing the report logs from before and after the infection could help you spot malware entries that spyware scanners might have missed.
~TL :cool:
TurcoLoco 03-22-2007, 11:11 PM
When it is time to get a 2nd opinion on a file that might be infected, visit www.virustotal.com (http://www.virustotal.com) (imo, it's worth adding it to your favorites)
This awesome site uses over 30 different well-known scanners to analyze the submitted file.
Step 1: Submit the file in question by clicking on Browse button to locate the file and select it.
Step 2: Click Send button to have the file uploaded and queued for processing.
Step 3: Wait for scanning to complete; STATUS should read COMPLETED
http://img87.imageshack.us/img87/599/virustotalcv4.th.jpg (http://img87.imageshack.us/my.php?image=virustotalcv4.jpg)
TurcoLoco 08-22-2007, 04:12 PM
This page covers pretty much all launch aka startup points in all versions of Windows Operating System:
http://www.silentrunners.org/sr_launchpoints.html
Important: This info is more for advanced users so if you are not sure, please get an expert's help before modifying these settings in the registry!
Also, it is always wise to make a backup of the registry before you make any kind of changes to the registry.
TurcoLoco 02-02-2009, 08:44 PM
List of Internet Parental Control Utilities (free to the best of my knowledge):
Naomi:
http://www.radiance.m6.net/oldindex.html
OpenDNS Parental Controls:
http://www.opendns.com/homenetwork/solutions/parental/
File Sharing Sentinel:
http://www.akidthaine.com/
Safe Families Parental Control:
http://www.safefamilies.org/download.php
K9 Web Protection:
http://www1.k9webprotection.com/
B Gone Parental Control:
http://support.it-mate.co.uk/?mode=Products&p=bgone
Enjoy! :baby: