*"Because if it was not on, 99.9% of the users would be calling/writing to find out how to turn it on because they do not like to read nor try to find out for themselves. It is a no-win situation."*Major security hole vs. tech support handling basic inquiries? That's hardly a contest between the two. That's like leaving your home's doors unlocked all the time so you have the convenience of not having to reach for your keys all the time. :-)

Lazy users is precisely a reason why this sort of option should be turned off by default. If users are inclined to not delve deeply into anything, including Internet security, then make sure their systems are fairly secure upon default.

(BTW, M$ charges for tech support calls after the third incident. If anyone wants more tech support calls, it'd be M$. ;-)

The user I mentioned used Ad-aware and it failed to find the hijacker. He then used "HijackThis" which is a "brute force" scanner. Instead of trying to uniquely identify the hijacker, it simply lists all pertinent files and registry entries and leaves it up to the user to decide what to delete.

HijackThis is fairly popular and there are plenty of tech forums on which you can copy and paste your scanning results. The knowledgeable people there can tell a user what should and should not be deleted.

There is also a HijackThis log tutorial which can help users figure out what you should delete.

We're rapidly flying off topic here so I'll leave this alone. Hopefully those links will help some people.