
System Changes After Virus (bagle And Others)


  • This topic is locked
3 replies to this topic

#1 Greeneyedsphinx

  • Members
  • 8 posts

Posted 26 February 2008 - 09:23 AM

Hi there, and thanks again for helping me along and guiding me through this.
What happened: after unzipping something I downloaded, all of a sudden Internet pages opened themselves. It only stopped when I "pulled the plug". After that I was led to pages I didn't specifically look for. I ran an antivirus program and after that VundoFix (found a virus).
Internet worked fine after that, but then another problem occurred. My security system (Zone Alarm) was shut down without me realizing that at first. Then I tried to uninstall and reinstall it after running it from the program folder (double-clicking the exe file)
didn't work.
Couldn't install it though: at least one of the Zone Alarm files wasn't removed properly and can't be removed now.
The message I get is: zlavscan.dll can't be erased. Access was denied. Now I am only protected by the Windows firewall.
Worst problem is: I can't run any anti-spyware programs anymore. Whenever I try to run Spyware Doctor, Spybot, Zone Alarm, HijackThis, avast, AVG Anti-Spyware etc. I get the same message:
.....exe is not an allowed win32 application (don't know if the translation is right; the original sentence is: .....exe ist keine zulässige win32 Anwendung), which means I can't run any of these programs. Programs like RealPlayer, Winamp and games are still running just fine. The antivirus programs I used after reading your preparation guide worked fine (except Spybot) because they run without being installed and are started from the desktop. I ran AdAware till nothing was left, Panda Antivirus and BitDefender (I still got some logs in case you need them).
The worst worm was Bagle.

After running all of them I had no more results running McAfee Stinger.
Now I'd like to know how to get rid of the win32 error message and how I can erase the remaining Zone Alarm file so I can reinstall it. Trying to install it now I get the message:
Setup is unable to log into the TrueVector service. Install cannot continue without logging into the TrueVector service. I googled it and read that this message comes up because part of Zone Alarm is still running...
I wasn't able to run HijackThis, but I can run DSS, which includes a HijackThis clone. I'll post this log now.
And again thanks for your help, and I know (now) this was my own mistake, but I am relatively new to this and have to admit I underestimated the damage a virus can cause. Sorry for your extra work.


--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-26 14:43:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Dokumente und Einstellungen\Lübbers\Eigene Dateien\software\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\GoogleToolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [H2O] C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Programme\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


--
End of file - 11439 bytes

-- Files created between 2008-01-26 and 2008-02-26 -----------------------------

2008-02-26 00:57:42 0 d-------- C:\WINDOWS\BDOSCAN8
2008-02-25 22:56:27 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-25 22:53:30 8576 --a------ C:\WINDOWS\system32\drivers\jqydsllxhovh.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-25 22:37:21 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-25 21:14:04 0 d-------- C:\Programme\Lavasoft
2008-02-25 21:13:17 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-02-25 17:50:25 0 d-------- C:\Programme\EsetOnlineScanner
2008-02-25 16:45:55 0 d-------- C:\_backupD
2008-02-25 16:45:46 16384 --a------ C:\WINDOWS\system32\restart.exe <Not Verified; WareSoft Software; restart>
2008-02-25 16:45:46 0 d-------- C:\WINDOWS\system32\regdacl
2008-02-25 16:45:46 90112 --a------ C:\WINDOWS\system32\regdacl.exe <Not Verified; Frank Heyne Software; RegTools>
2008-02-25 16:45:46 4096 --a------ C:\WINDOWS\system32\reboot.exe
2008-02-25 16:45:46 53248 --a------ C:\WINDOWS\system32\process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-25 16:45:46 280286 --a------ C:\win32delfkil.exe <WIN32D~1.EXE> <Not Verified; Marckie; >
2008-02-25 16:13:53 0 d-------- C:\Dokumente und Einstellungen\Lübbers\.housecall6.6
2008-02-25 15:06:34 0 d-------- C:\$regrest
2008-02-25 14:46:17 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-02-25 14:46:17 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-02-25 14:46:17 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-02-25 14:46:17 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-02-25 14:46:17 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-02-25 14:46:16 0 d-------- C:\Programme\Trojan Remover
2008-02-25 14:30:08 0 d-------- C:\Programme\Alwil Software
2008-02-25 13:17:20 0 d-------- C:\Programme\Spyware Doctor
2008-02-25 13:10:55 0 d-------- C:\Programme\McAfee
2008-02-25 12:23:21 0 d-------- C:\Programme\UltraDVD Standard
2008-02-25 09:51:51 0 d-------- C:\Programme\ratDVD
2008-02-25 09:28:01 7872288 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-25 09:16:14 0 d-------- C:\Programme\Windows Live Safety Center
2008-02-25 08:16:18 0 d-------- C:\Programme\Trend Micro
2008-02-25 06:10:45 0 d-------- C:\VundoFix Backups
2008-02-24 20:58:14 0 d-------- C:\Programme\ClamWin
2008-02-24 20:58:14 0 d-------- C:\Dokumente und Einstellungen\All Users\.clamwin
2008-02-23 19:52:05 0 d-------- C:\Programme\SiteAdvisor
2008-02-23 19:49:57 0 d-------- C:\Programme\Gemeinsame Dateien\McAfee
2008-02-23 14:54:12 0 d-------- C:\Dokumente und Einstellungen\All Users\Application Data
2008-02-23 14:54:12 0 d-------- C:\Dokumente und Einstellungen\All Users\Application Data\PC Tools
2008-02-19 16:18:05 0 d-------- C:\CTDemo
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-10 20:34:07 0 d-------- C:\Programme\MySpace
2008-02-09 13:02:07 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2008-02-09 12:19:44 33 --a------ C:\WINDOWS\Ya.com
2008-02-08 22:17:24 0 d-------- C:\Programme\Chord Pro Manager
2008-02-08 22:17:11 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-06 18:38:31 0 d-------- C:\Programme\Musicnotes
2008-02-05 16:21:10 0 d-------- C:\Programme\Winamp
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>
2008-02-01 19:24:02 0 d--h----- C:\WINDOWS\PIF
2008-02-01 18:53:36 0 d-------- C:\WINDOWS\system32\drivers\down
2008-02-01 18:48:15 216064 --a------ C:\WINDOWS\iun3405.exe <Not Verified; Indigo Rose Corporation; Indigo Rose Corporation unin32>
2008-01-30 08:14:39 4608 --a------ C:\WINDOWS\system32\imslevel.dll
2008-01-30 08:14:39 102912 --a------ C:\WINDOWS\system32\imsispd.exe
2008-01-30 08:14:39 11776 --a------ C:\WINDOWS\system32\imsispd.dll
2008-01-29 10:35:52 0 d-------- C:\Program Files
2008-01-29 05:38:36 0 d-------- C:\Programme\Chord Pickout
2008-01-29 03:54:18 0 d-------- C:\Programme\EA GAMES
2008-01-29 03:43:54 0 d-------- C:\Programme\DFX
2008-01-29 02:40:58 0 d-------- C:\Programme\Sienzo
2008-01-29 01:04:25 0 d-------- C:\Programme\Gemeinsame Dateien\xing shared


-- Find3M Report ---------------------------------------------------------------

2008-02-26 14:40:43 411766 --a------ C:\WINDOWS\system32\perfh007.dat
2008-02-26 14:40:43 72846 --a------ C:\WINDOWS\system32\perfc007.dat
2008-02-26 00:03:41 0 d-------- C:\Programme\Messenger
2008-02-25 23:56:22 0 d-------- C:\Programme\Google
2008-02-25 21:13:17 0 d-------- C:\Programme\Gemeinsame Dateien
2008-02-25 14:46:16 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\Simply Super Software
2008-02-25 14:45:29 0 d-------- C:\Programme\Registry Clean Expert <REGIST~1>
2008-02-25 14:31:19 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\UseNeXT
2008-02-25 14:01:21 64 --a------ C:\WINDOWS\popcinfo.dat
2008-02-25 13:17:20 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\PC Tools
2008-02-25 09:28:15 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-25 08:58:52 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\McAfee
2008-02-24 20:58:37 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\.clamwin
2008-02-23 20:49:13 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\SiteAdvisor
2008-02-15 03:30:19 0 d-------- C:\Programme\ErrorSmart
2008-02-15 03:30:19 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\ErrorSmart
2008-02-10 20:34:13 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\MySpace
2008-02-08 22:21:14 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\Help
2008-01-29 08:35:52 0 d-------- C:\Programme\XMedia Recode
2008-01-29 01:03:57 0 d-------- C:\Programme\Gemeinsame Dateien\Real
2008-01-28 20:10:27 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\Real
2008-01-25 01:49:50 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\Steinberg
2008-01-25 01:44:39 0 d-------- C:\Programme\Syncrosoft
2008-01-25 01:32:12 0 d-------- C:\Programme\Pinnacle
2008-01-25 01:32:11 0 d-------- C:\Programme\Steinberg
2008-01-23 10:12:43 0 d-------- C:\Programme\PopCap Games
2008-01-23 09:32:35 0 d-------- C:\Programme\Zylom Games
2008-01-23 09:22:05 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\Zylom
2008-01-23 09:22:05 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\Identities
2008-01-21 23:20:36 0 d-------- C:\Programme\AC3Filter
2008-01-20 23:19:59 0 d-------- C:\Programme\John Deere American Farmer Deluxe
2008-01-20 18:18:38 0 d--h----- C:\Programme\InstallShield Installation Information
2008-01-18 03:49:45 0 d-------- C:\Programme\DivX
2008-01-16 02:43:30 0 d-------- C:\Programme\UseNeXT
2008-01-13 12:35:22 0 d-------- C:\Programme\Alcohol Soft
2008-01-13 04:30:46 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\Microsoft Games
2008-01-13 04:29:36 0 d-------- C:\Programme\Microsoft Games
2008-01-13 03:43:56 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\Shedko Badges
2008-01-13 03:05:12 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-12 23:24:53 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-10 19:00:35 0 d-------- C:\Programme\QuickTime
2008-01-10 01:52:53 0 d-------- C:\Programme\Ashampoo
2008-01-10 01:18:00 0 d-------- C:\Programme\Gemeinsame Dateien\Nero
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-09 12:18:12 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 12:16:10 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-09 12:16:10 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-09 12:16:02 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-09 12:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 12:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 12:16:02 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-07 03:27:19 73728 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-01-06 23:02:12 0 d-------- C:\Programme\Baby Luv
2008-01-06 22:57:27 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\SpinTop
2008-01-06 17:37:45 0 d-------- C:\Programme\Insaniquarium Deluxe
2008-01-06 17:37:03 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-01-04 14:24:15 0 d-------- C:\Programme\Bubble Shooter Premium Edition
2008-01-03 22:38:55 0 d-------- C:\Programme\Gemeinsame Dateien\DirectX
2007-12-30 08:28:47 0 d-------- C:\Programme\Alice Greenfingers
2007-12-29 17:29:01 0 d-------- C:\Programme\bfgclient
2007-12-29 15:41:27 0 d-------- C:\Programme\Quiz_2
2007-12-28 13:49:04 0 d-------- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\Schoolhouse Technologies
2007-12-28 13:47:10 0 d-------- C:\Programme\Reference Assemblies
2007-12-28 13:39:26 0 d-------- C:\Programme\Gamenext
2007-12-26 14:40:35 0 d-------- C:\Programme\ReflexiveArcade
2007-12-26 03:10:18 0 d-------- C:\Programme\AviSynth 2.5
2007-12-26 03:09:22 0 d-------- C:\Programme\Gabest
2007-12-26 03:07:06 587 --a------ C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\AutoGK.ini
2007-12-26 02:57:02 43698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-12-20 07:27:52 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-12-12 02:05:31 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-12 02:04:04 56 -r-hs---- C:\WINDOWS\system32\D3BA40ABAF.sys
2007-12-11 20:43:44 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-10 19:31:38 459 -rah----- C:\WINDOWS\system32\xdsaxdotty.dll
2007-12-10 19:31:38 459 -rah----- C:\WINDOWS\system32\ttys2saxdo.dll
2007-12-10 19:31:38 459 -rah----- C:\2syttodxas.sys
2007-12-06 02:15:11 792298 --a------ C:\WINDOWS\system32\catsplay.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2007-12-03 17:30:32 0 -rahs---- C:\MSDOS.SYS
2007-12-03 17:30:32 0 -rahs---- C:\IO.SYS
2007-12-03 17:30:32 0 --a------ C:\CONFIG.SYS
2007-12-03 17:30:32 0 --a------ C:\AUTOEXEC.BAT
2007-12-03 17:27:49 21740 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-03 17:16:25 62 --ahs---- C:\Dokumente und Einstellungen\Lübbers\Anwendungsdaten\desktop.ini
2007-12-03 15:45:49 1548288 --a------ C:\WINDOWS\system32\sfcfiles.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-03 15:45:32 998912 --a------ C:\WINDOWS\system32\syssetup.dll <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows®>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [26.05.2005 18:12 C:\WINDOWS\sm56hlpr.exe]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [07.01.2005 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [23.03.2005 00:00 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [23.03.2005 00:00 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [23.03.2005 00:00 C:\WINDOWS\ALCMTR.EXE]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [26.02.2008 04:55]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"nwiz"="nwiz.exe" [11.11.2007 18:51 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11.11.2007 18:51]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [01.03.2007 15:57]
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08.08.2007 09:25]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [11.12.2007 10:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11.11.2007 18:51]
"H2O"="C:\Programme\SyncroSoft\Pos\H2O\cledx.exe" [11.05.2005 02:46]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [29.01.2008 01:03]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" []
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [28.02.2006 12:00]
"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [13.10.2004 17:24]
"AlcoholAutomount"="C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" [20.01.2008 02:26]
"MySpaceIM"="C:\Programme\MySpace\IM\MySpaceIM.exe" [01.02.2008 21:32]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [26.02.2008 00:15]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Programme\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Programme\PixiePack Codec Pack\InstallerHelper.exe



-- End of Deckard's System Scanner: finished at 2008-02-26 14:43:36 ------------


#2 rookie147

  • Members
  • 5,321 posts

Posted 15 March 2008 - 02:55 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 Greeneyedsphinx

  • Topic Starter
  • Members
  • 8 posts

Posted 15 March 2008 - 04:34 PM

Thanks for answering, but I already got rid of the virus myself and think I might have been pretty lucky, because I read that other users rarely got rid of Bagle without having to set up the whole system anew. Your start page helped me a lot. After running some of the online antivirus software I was finally able to fix all of my antivirus software, run Spyware Doctor again and have now installed Kaspersky, which seems to have found the rest of the spyware and viruses. Internet works fine, and so do all the programs that used to give me win32 error replies. Your first page helped a lot, so thanks even though your answering took some time... have a nice weekend :thumbsup:

#4 rookie147

  • Members
  • 5,321 posts

Posted 15 March 2008 - 05:16 PM

Good job! :thumbsup:
This thread will now be closed.
