
Please Help Gael And Generic


  • This topic is locked
16 replies to this topic

#1 chika

  • Members
  • 12 posts

Posted 08 October 2007 - 07:41 AM

Can anyone please help? I have what seems like a serious GAEL and Generic.Peed infection on my PC. BitDefender cleaned it for a while but they're both back with a vengeance. I have run HijackThis and the log looks like this. Many thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:08, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\SatSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Semaview\Sherpa\Calendar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Softwin\BitDefender9\bdlite.exe
C:\Documents and Settings\Lady K\Desktop\Virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ignitecreative.tv
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AntiSpywareBot] C:\Program Files\AntiSpywareBot\AntiSpywareBot.exe -boot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digital.WebS....Downloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136129462625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Steganos AntiTheft - Unknown owner - C:\WINDOWS\system32\\SatSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9145 bytes



#2 chika

  • Topic Starter
  • Members
  • 12 posts

Posted 08 October 2007 - 09:48 AM

Having done a further scan, I have also found 12 more viruses! Please help. Thanks

#3 chika

  • Topic Starter
  • Members
  • 12 posts

Posted 10 October 2007 - 03:07 AM

Can anyone help please? :thumbsup:

#4 chika

  • Topic Starter
  • Members
  • 12 posts

Posted 11 October 2007 - 07:37 AM

Anyone there? :thumbsup:

#5 chika

  • Topic Starter
  • Members
  • 12 posts

Posted 15 October 2007 - 06:52 AM

Hi, still need help please!!! Thanks, chika

#6 Grinler

    Lawrence Abrams

  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 16 October 2007 - 09:40 AM

  • Download Combofix to your desktop.

  • Double-click combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new HijackThis log.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#7 chika

  • Topic Starter
  • Members
  • 12 posts

Posted 16 October 2007 - 01:05 PM

Thank you Lawrence! Attached are the 2 files as requested. chika

ComboFix 07-10-16.1 - Lady K 2007-10-16 18:56:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.375 [GMT 1:00]
Running from: C:\Documents and Settings\Lady K\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Lady K\Application Data\AntiSpywareBot
C:\Documents and Settings\Lady K\Application Data\AntiSpywareBot\Log\log_2007_05_29_02_15_33.log
C:\Documents and Settings\Lady K\Application Data\AntiSpywareBot\Log\log_2007_05_29_02_15_35.log
C:\Documents and Settings\Lady K\Application Data\AntiSpywareBot\Log\log_2007_05_29_03_00_21.log
C:\Documents and Settings\Lady K\Application Data\AntiSpywareBot\Log\log_2007_05_29_03_00_24.log
C:\Documents and Settings\Lady K\Application Data\AntiSpywareBot\Settings\CustomScan.stg
C:\Documents and Settings\Lady K\Application Data\AntiSpywareBot\Settings\IgnoreList.stg
C:\Documents and Settings\Lady K\Application Data\AntiSpywareBot\Settings\ScanInfo.stg
C:\Documents and Settings\Lady K\Application Data\AntiSpywareBot\Settings\ScanResults.stg
C:\Documents and Settings\Lady K\Application Data\AntiSpywareBot\Settings\SelectedFolders.stg
C:\Documents and Settings\Lady K\Application Data\AntiSpywareBot\Settings\Settings.stg
C:\Documents and Settings\Lady K\Application Data\ASKS~1
C:\Documents and Settings\Lady K\Application Data\CROSOF~1.NET
C:\Documents and Settings\Lady K\Application Data\TSKS~1
C:\Documents and Settings\Lady K\Application Data\WNSXS~1
C:\Documents and Settings\Lady K\My Documents\STEM32~1
C:\Program Files\AntiSpywareBot
C:\Program Files\AntiSpywareBot\unins000.exe
C:\Program Files\dobe~1
C:\Program Files\pppatc~1
C:\WINDOWS\crosof~1.net
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\racle~1
C:\WINDOWS\sstem3~1
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver\bcm43xx.cat
C:\WINDOWS\system32\driver\RNDISMP.sys
C:\WINDOWS\system32\driver\RNDISMPK.sys
C:\WINDOWS\system32\driver\usb8023.sys
C:\WINDOWS\system32\driver\usb8023k.sys
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
C:\WINDOWS\ymbols~1

.
((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

2007-10-16 18:54 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 17:53 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 02:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-08 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-05 11:19 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-10-05 11:19 19,424 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2007-10-05 11:16 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-09-18 17:33 49,024 --a------ C:\WINDOWS\system32\drivers\mstape.sys
2007-09-18 17:33 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2007-09-18 17:33 13,696 --a------ C:\WINDOWS\system32\drivers\avcstrm.sys
2007-09-18 17:33 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 17:56 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-10-16 17:56 --------- d-----w C:\Documents and Settings\Lady K\Application Data\Semaview
2007-10-13 22:29 --------- d-----w C:\Program Files\QuickTime
2007-10-11 16:11 --------- d-----w C:\Program Files\Dl_cats
2007-10-08 04:19 700,416 ----a-w C:\StubInstaller.exe
2007-10-08 04:02 --------- d-----w C:\Program Files\crack
2007-10-08 03:04 --------- d-----w C:\Program Files\TrojanHunter 4.5
2007-10-08 03:04 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-08 03:04 --------- d-----w C:\Program Files\Steganos Security Suite 2006
2007-10-08 03:02 --------- d-----w C:\Program Files\SmartFTP
2007-10-08 02:54 --------- d-----w C:\Program Files\MSN Messenger
2007-10-08 02:35 --------- d-----w C:\Program Files\FinePixViewer
2007-10-08 02:35 --------- d-----w C:\Program Files\Dell AIO 810
2007-10-08 02:00 --------- d-----w C:\Program Files\7-Zip
2007-10-08 00:06 --------- d-----w C:\Documents and Settings\Lady K\Application Data\uTorrent
2007-10-05 10:23 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-05 10:23 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-10-04 20:26 --------- d-----w C:\Documents and Settings\Lady K\Application Data\Skype
2007-09-26 01:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-23 15:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-09-11 11:12 --------- d-----w C:\Program Files\iTunes
2007-09-11 11:12 --------- d-----w C:\Program Files\iPod
2007-09-11 11:06 --------- d-----w C:\Program Files\Apple Software Update
2007-09-04 21:44 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-09-04 21:44 --------- d-----w C:\Program Files\BUFFALO
2007-09-03 22:14 --------- d-----w C:\Program Files\AIM6
2007-08-28 12:15 --------- d-----w C:\Program Files\Viewpoint
2007-08-28 12:15 --------- d-----w C:\Documents and Settings\Lady K\Application Data\acccore
2007-08-28 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-28 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-08-28 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-08-28 12:14 --------- d-----w C:\Program Files\Common Files\AOL
2007-08-28 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-08-21 14:24 31,136 ----a-w C:\Documents and Settings\Lady K\Application Data\GDIPFONTCACHEV1.DAT
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-20 09:13 --------- d-----w C:\Program Files\Java
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-21 13:45 6,144 --sha-w C:\Program Files\Common Files\Thumbs.db
2006-08-01 17:42 25,214 ----a-w C:\Program Files\Common Files\favicon.ico
2005-11-15 00:52 8,767,485 ----a-w C:\Program Files\eventSherpa_2_1_1397.exe
2005-04-25 14:15 331 ----a-w C:\Program Files\Nero_WHSmithPaperStockFile.dat
2004-11-16 00:35 37,376 --sha-w C:\Program Files\Thumbs.db
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-14 23:56]
"DLCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 19:56]
"dlcgmon.exe"="C:\Program Files\Dell AIO 810\dlcgmon.exe" [2005-10-21 16:42]
"BDMCon"="C:\Program Files\Softwin\BitDefender9\bdmcon.exe" [2007-02-24 20:28]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 19:53]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender9\bdnagent.exe" [2005-06-09 12:28]
"BDSwitchAgent"="C:\Program Files\Softwin\BitDefender9\bdswitch.exe" [2005-04-06 15:09]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-11-03 14:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"THGuard"="C:\Program Files\TrojanHunter 4.5\THGuard.exe" [2006-05-31 19:52]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-07-07 15:29]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-05-09 17:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SSS2006"="C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ClientManager3.lnk - C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe [2007-09-04 22:44:43]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2005-12-30 17:14:03]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"=0 (0x0)
"Mn@mlrf"=0 (0x0)
"MnOndNeg"=0 (0x0)
"MnQtm"=0 (0x0)
"NoLogOff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

R1 BUFADPT;BUFADPT;\??\C:\WINDOWS\system32\BUFADPT.SYS
R1 SLEE_13_DRIVER;Steganos Live Encryption Engine 13 [Driver];\??\C:\WINDOWS\system32\drivers\SLEE13.sys
R2 Steganos AntiTheft;Steganos AntiTheft;C:\WINDOWS\system32\\SatSrv.exe
S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys
S3 MSTAPE;Microsoft AV/C Tape Subunit Device;C:\WINDOWS\system32\DRIVERS\mstape.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c648e69-1f77-11dc-8b64-000cf1e5830f}]
Auto\command - F:\fun.xls.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 18:00:00 C:\WINDOWS\Tasks\AC8F77959184EAA1.job"
- c:\docume~1\ladyk~1\applic~1\pollac~1\ELSEPLANCASH.exe
"2007-10-13 22:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-16 16:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 19:00:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-16 19:01:59
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:30, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\SatSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\explorer.exe
C:\ComboFix\nircmd.cfexe
C:\Documents and Settings\Lady K\Desktop\Virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ignitecreative.tv
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digital.WebS....Downloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136129462625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Steganos AntiTheft - Unknown owner - C:\WINDOWS\system32\\SatSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9114 bytes

#8 Grinler (Lawrence Abrams)
  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 17 October 2007 - 11:11 AM

* Open Notepad - don't use any other text editor than Notepad, or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
C:\StubInstaller.exe
C:\Program Files\eventSherpa_2_1_1397.exe
C:\WINDOWS\Tasks\AC8F77959184EAA1.job
c:\docume~1\ladyk~1\applic~1\pollac~1\ELSEPLANCASH.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"=-
"Mn@mlrf"=-
"MnOndNeg"=-
"MnQtm"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c648e69-1f77-11dc-8b64-000cf1e5830f}]


Save this as the txt file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

#9 chika (Topic Starter)
  • Members
  • 12 posts

Posted 17 October 2007 - 12:55 PM

As requested!!! thanks :thumbsup:

Attached Files


Edited by chika, 17 October 2007 - 12:58 PM.


#10 Grinler (Lawrence Abrams)
  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 17 October 2007 - 04:04 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -

Reboot your computer and post a new log.

When posting the log, please do not attach it to the post. Instead post the log as a reply.
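The entries Grinler picks out above share one trait: the registry still references an add-on or download record whose file or source is gone ("(no file)", or an O16 line with nothing after the dash). As an added example that is not part of this thread or of HijackThis itself, the Python script below applies that triage rule to a handful of lines copied from the logs posted here. The section names, the "fix"/"review" severity labels and the extra O23 check for services with no publisher are my own assumptions; the O23 check is only a prompt to look closer, since several legitimate services in the log above also report "Unknown owner".

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the HijackThis logs posted
# in this thread. Raw string so the Windows paths keep their backslashes.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ignitecreative.tv
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136129462625
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Steganos AntiTheft - Unknown owner - C:\WINDOWS\system32\\SatSrv.exe
"""


@dataclass
class Finding:
    severity: str  # "fix": safe to tick in HijackThis; "review": look closer first (assumed labels)
    section: str   # HijackThis section code, e.g. O16
    reason: str
    line: str


# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<rest>.*)$")

# O23 lines read "Service: <name> - <owner> - <path>". When the owner is empty the
# two separators collapse to "- -", so the owner group must be allowed to be empty
# and the path is recognised by its drive letter instead of by a clean separator.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.*?)\s?-\s(?P<path>[A-Za-z]:\\.+)$"
)


def parse_entry(line):
    """Split one log line into (section, rest); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("rest")) if m else None


def triage_entry(line):
    """Return the findings for a single HijackThis line (empty list if clean)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, rest = parsed
    findings = []

    # A registry entry whose target file is gone is a leftover of a removed
    # add-on; it does nothing useful and HijackThis can remove it cleanly.
    if rest.endswith("(no file)"):
        findings.append(Finding("fix", section,
                                "registry entry points at a file that no longer exists", line))

    # O16 (Download Program Files) records normally carry the URL the ActiveX
    # control was installed from; a record with no URL has nothing to verify.
    if section == "O16" and rest.rstrip().endswith("-"):
        findings.append(Finding("fix", section,
                                "ActiveX download record with no source URL", line))

    # Services without a publisher string deserve a look at the binary itself.
    if section == "O23":
        m = SERVICE_RE.match(rest)
        if m and m.group("owner").strip() in ("", "Unknown owner"):
            findings.append(Finding("review", section,
                                    f"service '{m.group('name')}' has no publisher; "
                                    f"confirm {m.group('path')} is legitimate", line))
    return findings


def triage_log(text):
    """Run triage_entry over every line of a log and collect the findings."""
    findings = []
    for line in text.splitlines():
        findings.extend(triage_entry(line))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```

On the sample above the script reports exactly the five entries Grinler lists as "fix" candidates minus the one O16 line not included in the sample, and marks the two services with a missing or unknown owner for review. Note that "(no name)" on its own is not used as a signal: the O9 Java console button in the log is also unnamed but points at a real DLL, so the decisive condition is the missing file, not the missing name.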

#11 chika (Topic Starter)
  • Members
  • 12 posts

Posted 17 October 2007 - 04:45 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:30, on 17/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\SatSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lady K\Desktop\Virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ignitecreative.tv
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digital.WebS....Downloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136129462625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Steganos AntiTheft - Unknown owner - C:\WINDOWS\system32\\SatSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8711 bytes

#12 Grinler (Lawrence Abrams)
  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 17 October 2007 - 04:52 PM

Looks good to me. How does it feel to you?

#13 chika (Topic Starter)
  • Members
  • 12 posts

Posted 18 October 2007 - 04:39 AM

I am doing a BitDefender scan right now and Gael.Peed is still around in my email data files. I also can't install some programmes, which perhaps is due to Gael? Thanks for your help so far. Is there anything else I can do?

#14 chika (Topic Starter)
  • Members
  • 12 posts

Posted 18 October 2007 - 09:40 AM

Further to my reply above, I get an error "1935" to do with registry keys when I attempt to install anything. Eek.

#15 Grinler (Lawrence Abrams)
  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 18 October 2007 - 09:43 AM

I need more detail than what you are providing. What do you mean it is still around your email files? Where exactly is it found? It is possible that you have this file as an attachment in your email, which I can do nothing about. The only way to get rid of those is to delete the email message they are attached to.

As for the 1935 error, you will need to post that problem in the Windows XP forum as it is not malware related.



