MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: bagle.am & keenval-o
November 22, 2019, 06:57:22 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 22, 2019, 06:57:22 PM

Login with username, password and session length
 Featured Sites:
News
Article Writers We are looking for quality, informational articles to add to our Computer Articles
Please contact us if you are interested in submitting some....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: bagle.am & keenval-o  (Read 2259 times)
greensinnerz
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« on: March 21, 2005, 03:39:12 PM »

Logfile of HijackThis v1.98.2
Scan saved at 11:24:21 PM, on 3/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\AVPersonal\AVWUPSRV.EXE
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\System32\GSICON.EXE
E:\WINDOWS\System32\dslagent.exe
E:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\AVPersonal\AVSched32.EXE
E:\Program Files\AVPersonal\AVGNT.EXE
E:\WINDOWS\system32\taskmgr.exe
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\SpeedFan\speedfan.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Mpk\mpk.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\AVPersonal\AVGUARD.EXE
E:\Program Files\AVPersonal\AVWIN.EXE
C:\Exe\Net\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fwalerts.zonelabs.com/fwalerts/fwanalyze.jsp?V103=Adpv3gXab977khEAAL0BAAABAAAAAQAAAAIAAAABAAAAooYBADAxMDIJBAIAAQANAQIdLgAAAAAAAAACQAAA//8Q+,,,,Windows+XP-5.1.2600-Service+Pack+1-SP,5.5.062.000,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,1,,&CL=en&LICFLAG=1&OEM=1013&SKU=0&Mode=1&Product=ZoneAlarm (obfuscated)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVSCHED32] E:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] E:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - Startup: CPU Meter.lnk = E:\WINDOWS\system32\taskmgr.exe
O4 - Startup: SpeedFan.lnk = E:\Program Files\SpeedFan\speedfan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B2E7293-1D8B-43E9-AF5F-52E36B7656A4}: NameServer = 202.188.0.133 202.188.1.5

Note:
Was using V-buster evaluation copy for scanning, found win32: bagle.am & keenval-o infection.

Anti-Vir, Trend Micro Online Scan, Stinger, CWshredder, Spybot S&D, Lavasoft Adaware. Ran all those but still unable to even detect those  two infections. A false alarm maybe ?


Any advice please?
Thanks Smiley



Moved by redaxe
« Last Edit: March 21, 2005, 10:25:44 PM by redaxe » Logged

 
redaxe
Supreme Loonie
Global Moderator
Hero Member
*****

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276


Bookmark and Share

View Profile
« Reply #1 on: March 21, 2005, 10:56:38 PM »

Your version of Hijack This is badly out of date.
Head over to http://www.tomcoyote.com/hjt/ to download the latest version of it.
Extract the application to a permanent folder on your hard drive, e.g. C:\HJT
Then do a new scan and post the logfile here.
Logged

greensinnerz
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #2 on: March 25, 2005, 01:33:19 PM »

here it is ...

Logfile of HijackThis v1.99.1
Scan saved at 9:23:49 PM, on 3/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\AVPersonal\AVGUARD.EXE
E:\Program Files\AVPersonal\AVWUPSRV.EXE
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\GSICON.EXE
E:\WINDOWS\System32\dslagent.exe
E:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\AVPersonal\AVSched32.EXE
E:\Program Files\AVPersonal\AVGNT.EXE
E:\WINDOWS\system32\taskmgr.exe
E:\Program Files\SpeedFan\speedfan.exe
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Mpk\mpk.exe
F:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fwalerts.zonelabs.com/fwalerts/fwanalyze.jsp?V103=Adpv3gXab977khEAAL0BAAABAAAAAQAAAAIAAAABAAAAooYBADAxMDIJBAIAAQANAQIdLgAAAAAAAAACQAAA//8Q+,,,,Windows+XP-5.1.2600-Service+Pack+1-SP,5.5.062.000,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,1,,&CL=en&LICFLAG=1&OEM=1013&SKU=0&Mode=1&Product=ZoneAlarm (obfuscated)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVSCHED32] E:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] E:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: CPU Meter.lnk = E:\WINDOWS\system32\taskmgr.exe
O4 - Startup: SpeedFan.lnk = E:\Program Files\SpeedFan\speedfan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thanks! Smiley

Logged

 
redaxe
Supreme Loonie
Global Moderator
Hero Member
*****

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276


Bookmark and Share

View Profile
« Reply #3 on: March 25, 2005, 01:48:35 PM »

Start by disabling System Restore, which is something you can re-enable after the PC has been fixed.
Right click My Computer and select Properties.
Click the System Restore tab and in there disable it. Apply and OK out.

Furthermore, make sure that Windows Explorer is set to show hidden files and folders. Click Tools/Folder Options -> View and check Show hidden files and folders and uncheck Hide protected operating system files

Now restart Hijack This and let it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fwalerts.zonelabs.com/fwalerts/fwanalyze.jsp?V103=Adpv3gXab977khEAAL0BAAABAAAAAQAAAAIAAAABAAAAooYBADAxMDIJBAIAAQANAQIdLgAAAAAAAAACQAAA//8Q+,,,,Windows+XP-5.1.2600-Service+Pack+1-SP,5.5.062.000,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,1,,&CL=en&LICFLAG=1&OEM=1013&SKU=0&Mode=1&Product=ZoneAlarm (obfuscated)
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll

Now reboot and send in a new HJT log
Logged

greensinnerz
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #4 on: March 26, 2005, 06:12:56 PM »

Logfile of HijackThis v1.99.1
Scan saved at 2:04:56 AM, on 3/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\AVPersonal\AVGUARD.EXE
E:\Program Files\AVPersonal\AVWUPSRV.EXE
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\wuauclt.exe
E:\WINDOWS\System32\GSICON.EXE
E:\WINDOWS\System32\dslagent.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\AVPersonal\AVSched32.EXE
E:\Program Files\AVPersonal\AVGNT.EXE
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\WINDOWS\system32\taskmgr.exe
E:\Program Files\SpeedFan\speedfan.exe
E:\Program Files\Mpk\mpk.exe
E:\Program Files\Blender Foundation\Blender\blender.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\Diet K\DietK.exe
E:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp
E:\WINDOWS\system32\ntvdm.exe
E:\WINDOWS\system32\notepad.exe
F:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVSCHED32] E:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] E:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - Startup: CPU Meter.lnk = E:\WINDOWS\system32\taskmgr.exe
O4 - Startup: SpeedFan.lnk = E:\Program Files\SpeedFan\speedfan.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B2E7293-1D8B-43E9-AF5F-52E36B7656A4}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

note:

to be precise, V-buster detected:

E:\progra~1\blende~1\blender
uninst~1.exe is a trojan named win32:keenval-o

E:\progra~1\kazaal~1
kazaal~1.kpp is a worm named win32:bagle-am

should i attach those two files here for your checkin?


thanks for your time Smiley
Logged

 
redaxe
Supreme Loonie
Global Moderator
Hero Member
*****

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276


Bookmark and Share

View Profile
« Reply #5 on: March 26, 2005, 06:31:22 PM »

No need to attach them, we'll take a different approach now Smiley

Start by disabling System Restore, which is something you can re-enable after the PC has been fixed.
Right click My Computer and select Properties.
Click the System Restore tab and in there disable it. Apply and OK out.

Furthermore, make sure that Windows Explorer is set to show hidden files and folders. Click Tools/Folder Options -> View and check Show hidden files and folders and uncheck Hide protected operating system files


Now download the following programs:

CWShredder
Spybot Search & Destroy
Ad-Aware
VX2 Cleaner
Stinger
About:Buster <-- you won't use this one until after we've made some amendments to your logfile.
Cleanup! <-- you won't use this one until after we've made some amendments to your logfile.

Now go to the following online AV scanners (using Internet Explorer):

Rav Antivirus
Trend Antivirus
Panda Activescan

Let all of them delete what they want. Write down what they fail in dealing with.

Then run and update CWShredder. Click the Fixbutton and click OK when the prompt CWShredder will shutdown any open Internet Explorer and Windows Media Player windows. Click OK to continue appears.
Wait for it to finish and then click Next and Finish.

Now install, run, update and scan your system with Spybot S&D.
When it's done scanning, check all entries that are marked RED and click Fix Selected.

Then install Ad-Aware and update it right away. Then scan and let it fix whatever it reports.
Then shut down Ad-Aware.
Then install the VX2 Cleaner and let it install into the Ad-Aware program folder.
Start Ad-Aware again and click the AddOns button. Double click the VX2 Cleaner in there and click OK at the prompt.

If your computer is infected

- Select
Logged

greensinnerz
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #6 on: March 27, 2005, 12:32:29 PM »

Logfile of HijackThis v1.99.1
Scan saved at 8:15:37 PM, on 3/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\GSICON.EXE
E:\WINDOWS\System32\dslagent.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\AVPersonal\AVGUARD.EXE
E:\Program Files\AVPersonal\AVSched32.EXE
E:\Program Files\AVPersonal\AVGNT.EXE
E:\WINDOWS\system32\taskmgr.exe
E:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\SpeedFan\speedfan.exe
E:\Program Files\AVPersonal\AVWUPSRV.EXE
E:\WINDOWS\System32\drivers\CDAC11BA.EXE
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Mpk\mpk.exe
E:\Program Files\Opera\opera.exe
F:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVSCHED32] E:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] E:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - Startup: CPU Meter.lnk = E:\WINDOWS\system32\taskmgr.exe
O4 - Startup: SpeedFan.lnk = E:\Program Files\SpeedFan\speedfan.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B2E7293-1D8B-43E9-AF5F-52E36B7656A4}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe


Logged

 
redaxe
Supreme Loonie
Global Moderator
Hero Member
*****

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276


Bookmark and Share

View Profile
« Reply #7 on: March 27, 2005, 03:09:20 PM »

Congratulations on a job well done Cool

Now for added protection, go to JavaCoolSoftware and get your hands on Spywareblaster and Spywareguard.

Install, run, update and enable all protection in Spywareblaster. Then make sure you check for updates every week.
Install, run, update and allow Spywareguard to start up with Windows. Then make sure you check for updates once a month.

Spywareblaster stops unauthorised installation of various malware into your browsers (IE, Mozilla and Firefox),
while Spywareguard stops Browser Helper Objects being installed in IE without your explicit say so.
Logged

greensinnerz
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 5


Bookmark and Share

View Profile
« Reply #8 on: March 28, 2005, 04:41:25 PM »

thanks for everything ! Wink
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 24, 2018, 02:53:21 AM