Possible Infection?
Xplorer4
Senior Member
31. August 2011 @ 03:32
When Windows boots up I get an error about the gclgaf40.dll module not being found. I also cannot seem to open my context menu on my desktop without Windows complaining. For example, I tried to rename a folder. If I try to rename it, it says it does not exist. If I choose rename but do not actually change the folder name, then it says it already exists. A quick Google search about this error turned up lots of virus reports, so I am a bit paranoid. I am baffled how anything would have managed to infect my computer. Nonetheless, here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:19:50 AM, on 8/31/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Users\Xplorer4x4\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Users\Xplorer4x4\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor-1.gadget\GPUMonitor.exe
C:\Program Files (x86)\Razer\Copperhead\razertra.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Deluge\deluge-gtk.exe
C:\Program Files (x86)\AIMP3\AIMP3.exe
C:\Program Files (x86)\Bitvise Tunnelier\Tunnelier.exe
C:\Program Files (x86)\Bitvise Tunnelier\totermc.exe
C:\Users\Xplorer4x4\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\RunServices: [BulletProof FTP Server 2011 Startup] C:\Program Files (x86)\BulletProof FTP Server 2011\bpftpserver-2011.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [7 Taskbar Tweaker] "C:\Users\Xplorer4x4\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe" -hidewnd
O4 - HKCU\..\Run: [Azureus] C:\Program Files (x86)\Vuze\Azureus.exe
O4 - HKCU\..\Run: [MysticThumbs] C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Xplorer4x4\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Update ESET's license.lnk = C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C735C13-E7DB-436A-95EE-C3981B2B01D6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C735C13-E7DB-436A-95EE-C3981B2B01D6}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: PhoneMyPC_Helper - SoftwareForMe Inc - C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8562 bytes

OS: Kubuntu 12.10/Windows 8 -- CPU: Intel Core i7 2600K -- Motherboard: MSI P67A-G45 -- Memory: 2x4GB Corsair Dominator -- Graphics Card: Sapphire 4890 Vapor-X -- Monitor: Dell 2208WFP -- Mouse: Mionix NAOS 5000 -- PSU: Corsair 520HX -- Case: Thermaltake Mozart TX -- Cooling: Thermalright TRUE Black Ultra-120 eXtreme CPU Heatsink Rev C -- Hard Drives: 1x180 GB Intel 330 SSD/1xWD 1 TB Caviar Black/1xWD 2 TB Caviar Green/2xWD 3 TB Caviar Green
AfterDawn Addict
7. September 2011 @ 16:59
Hi Xplorer4,
I see you are a Senior Member so I'll try not to patronize you. Lol

Move your HJT:
C:\Users\Xplorer4x4\Desktop\HijackThis.exe
HijackThis must be run in its own folder. Only if HijackThis is run in its own folder will it create backups! E.g. C:\Program Files\HijackThis\HijackThis.exe

Deluge is a nasty...
If you can find it in add/remove programs then un-install it. If not, use HJT to fix this line:
C:\Program Files (x86)\Deluge\deluge-gtk.exe

Download and run SuperAntiSpyware Free. That should take care of it. If not, give me a shout.

You really need an antivirus. You have remnants of ESET NOD32 but it is not running.
If it's out of date and you don't want to pay for it, just uninstall it and install a free one that is better... MS Essentials AV or Avira AntiVir Free. Both are free and both work better than NOD32.

2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Xplorer4
Senior Member
7. September 2011 @ 17:39
Hey 2oG, thanks for the answer. I have already done a format and clean install to solve the problem, but I just did another HJT log and see similar results.
http://pastebin.com/4UssykMD

If memory serves me right I did try SuperAntiSpyware Free but it found no real infections. It found a false positive or two, maybe a tracking cookie or two, but nothing of any real significance. Will give it another try.

As far as security goes, I had NOD32 installed and running. I assure you it was running. I had Malwarebytes installed, but I always have it set up for a daily scheduled scan rather than real-time protection. I tried Microsoft Standalone System Sweeper and that did find something if memory serves me right, but it was unable to clean it and I was too impatient to wait on a scan of the F-Secure Rescue CD to run and clean it out.

If you have any more ideas let me know. In the meantime I will run a scan or two and get back with the results.

Going to run another scan of Super. I assume the portable version will do the trick?

Also, what are you talking about in regard to deluge? Since when did Deluge become a problem? :s


This message has been edited since posting. Last time this message was edited on 7. September 2011 @ 17:43