Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hjt log


  • Please log in to reply
7 replies to this topic

#1 hothett

hothett

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 05 March 2005 - 10:46 PM

here is my hjt log but first let me give you alittle summary.

noticed the aboutblank hijacker month and a half ago. have tried the first several times to use in order, cwshredder, stinger, ad-aware(but possably not the right version untill now{originally it scanned @42,000 files and the SE i just put on searched over 100,000} when i read topict4222), and then spybot. i would also run hjt and windows washer right after. it would work for a few days then boom again got it back. after several tries like that i then tried adware away, spysubtract, spyware doctor, spysweeper- in many different orders. nothing seemed to work.

then yesterday i read topict4222 which says to (and this topic described my problem the best of everything i have read online.) run startdreck, identify the runserviesonce streamingdevicesetup dll. then run win98fix(which was hard to find- atleast last night since the site seemed not to work) . then delete the identified dll. then run cwshredder. when i did i had a good feeling because running cwshredder in the past has never prompted me to reboot. then do online virus scans at housecall.antivirus and pandasoft. next run ad-awareSE. then i ran hjt. just finished all this an hour ago and was wondering about some stuff the online scans found but couldnt or wouldnt delete. they are;
c:\\windows\explor.exe
c:\\load.exe
c:\\program files\Q330994.exe
c:\\windows\system\neglog.dll
c:\\windows\system\cnp.dll
c:\\windows\system\kcjocn.dll
c:\\windows\system\odaj.dll
c:\\windows\system\p2pnetworking v1242.cpl
c:\\windows\system\cdefama.dll
c:\\windows\system\efhlbia.dll
c:\\windows\system\nadnpn.dll

all but the first two where found with the pandasoft online scan and had the incident listed as Adware:Adware/CWS.aboutblank or Adware:Adware/p2pnetworking (1) or Adware:Adware/superspider(1 {the third exe}). i havent had an incedent again yet but like i said it has been and hour since i finished. maybe what i listed was results from previous scans.(?)

anyway here is my most recent log



Logfile of HijackThis v1.98.2
Scan saved at 10:13:43 PM, on 3/5/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\PROGRAMS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=ca
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

BC AdBot (Login to Remove)

 


m

#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:14 AM

Posted 06 March 2005 - 05:49 PM

Hello hothett and welcome to the BC forums. I think I spoke to you in the chat room the other night (blues music). I am presently reviewing your log and will respond back to you as quickly as I can.

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 hothett

hothett
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 06 March 2005 - 08:23 PM

Hello OT, and yes I remember you from the other night in chat. I dont think my log says much but i really think I might have it taken care of this time. I really just had the questions about the dll and exe file the scans found but didnt do anything with. Thank you for letting me know that you are looking at it. Any thing else you would like to tell me would be great.

Keep Kool,
hothett

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:14 AM

Posted 06 March 2005 - 08:35 PM

Hello again hothett. After reviewing your log it appears that you have taken care of the problem. Your log looks clean at this time. There are a couple of things I would like you to do.

Since the scans found a number of files and it is unclear whether they have been removed let's verify that the files are gone. Please proceed with these steps in order:

Step #1

Follow these steps to reboot into Safe Mode and delete the offending files.

Start in Safe Mode Using the F8 method:* Reboot or turn the computer on.
* As the computer starts, press and hold down the Ctrl key until the Windows 98 Startup Menu appears. (This also works with the F8 key following the same steps).
* Choose Safe Mode from the Startup Menu.
* Press Enter.
We need to make sure all hidden files are showing so please:* Open My Computer.
* Select the View menu and click Folder Options.
* Select the View tab.
* In the Hidden files section select Show all files.
* Click OK.
Find the following files/folders and delete them (don't worry if they are already gone):c:\\windows\explor.exe (be careful not to delete the legitimate file explorer.exe)
c:\\load.exe
c:\\program files\Q330994.exe
c:\\windows\system\neglog.dll
c:\\windows\system\cnp.dll
c:\\windows\system\kcjocn.dll
c:\\windows\system\odaj.dll
c:\\windows\system\p2pnetworking v1242.cpl
c:\\windows\system\cdefama.dll
c:\\windows\system\efhlbia.dll
c:\\windows\system\nadnpn.dll

While still in Safe mode follow these steps to clean out your temporary folders:

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then Run, and type %temp% and press the OK button.

This should open up the temp folder that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Do this same process for %windir%\temp.

Step 2: Delete Temporary Internet Files
Now I want you to click Start then Settings then Control Panel. Double-click the Internet Options icon. At the General tab, which should be the first tab you are currently on. Click on the Delete Files button and put a checkmark in Delete offline content/b]. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Ok. Reboot your computer normally.

Step #2

You are currently running an older version of HijackThis. Please click on the link below and download the most current version:[b]HijackThis_sfx.exe

Delete your current HijackThis.exe file and double-click on the file you just downloaded to install the newer version.

Start HijackThis and perform a new scan. Post your new log file back here as a relpy to this topic and I will review it when it comes in.

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 hothett

hothett
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 07 March 2005 - 01:26 PM

OT,

First off I would like to commend you and this site for such wonderful help, wheither it is with the computer or with the blues in chat(just shows what good people can do). Thank you OT and BC. I also would like to say that your steps/explanations was very explicit. I think even the slowest of people couldnt get your instructions wrong( in most cases).

I did everything you told me in the order it was given. Thanks also for notifieing me of the need to update hjt. All files were easy to find and delete. My computer seems to be running fine. All files that were deleted are in my recycle bin fight now and I dont plan on emptying it until you say it is ok. I assume that it is fine to do so though. I usually keep it emptied at all times. I also try to keep as little running as possible that I dont need. As well as keep my interenet cache settings (history and files) low. anywho...

Here is my new hjt log. There still isnt much to it and I think as of now that is a good thing. I think BC has helped me to get rid of about:blank but as it has come back many times in the past I dont want to get to confident for a week or so. The site has also taught me alot. blah blah blah... anywho the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:49:37 PM, on 3/7/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=ca
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab




Thanks again abunch,
keep groovin
hothett

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:14 AM

Posted 07 March 2005 - 05:51 PM

Hey hothett. your log looks great. Congratulations! You actually had it all cleaned up for me. It's nice to have one once in a while where the user actually does all the work for me.

As for the Recycle Bin, yes, by all means empty away. Also, I do not see an anti-virus program running on your computer. Although you run on-line scans, an active anti-virus program is your first line of defense against viruses and trojans being installed on your system in the first place. Please review the information below and consider the applications and steps outlined to help protect you in the future.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster, SpywareGuard and IESpy-Ad. They will add 1000's of sites to your resticted zone and block some hijacks from happening.

You should also have a good firewall like ZoneAlarm or Kerio Personal Firewall (both are free) and a good anti-virus application like AVG Anti-Virus or Avast Home Edition (both are also free). It is critical to have both a firewall and anti virus to protect your system.

To keep your system up to date and clean visit Windows Update monthly, run AdAware SE and Spybot Search & Destroy weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day! Feel free to stop by in the chat again anytime and let us know how things are in Toronto.

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 hothett

hothett
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 08 March 2005 - 11:25 PM

OT,

Hows it going? I have finishedupdating my computer with the suggestted programs. I have desided to try out zonealarm and avgantivirus instead of keriopersonalfirewall or avasthomeedition. Not sure which ones are better but I figure I have to try one out regardless. I also did a windows update and adware se adn spybot scans. It seemed I had a different version of spybot that had more features, but even with updating it never found much. Now with this version I removed yet more dialers and trojans. The firewall is pretty cool. I am not to sure about the avgantivirus but I will give it a chance. I might try the other avasthomeedition but I think I have to uninstall the first one. But like I say I will try it out before deciding. Anyway here is a new (and larger log).



Logfile of HijackThis v1.99.1
Scan saved at 11:02:28 PM, on 3/8/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=ca
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Thanks for the time and suggestions,
hothett.

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:14 AM

Posted 09 March 2005 - 09:48 AM

Hi hothett. Log looks great. Hope that things are running as well too. In regards to AVG or Avast, I use both on various computers here. They both do a good job and have caught everything that has come their way. The one thing that I do prefer Avast for is on my main machine because I use it in alot of chat rooms and Avast will protect an IRC client from viruses sent through an IRC channel. There is no information regarding whether AVG does this so I can't say for certain. Also, with Avast, you must re-register every year even though it is free. I don't recommend it to users that will forget that and then freak out when they have to register again. Other than that, both products have great track records and I like them both.

Take care in Toronto!

OT

Edited by OldTimer, 09 March 2005 - 09:50 AM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users