Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Need help with virii/malware on my PC

Need help with virii/malware on my PC - Page 2

post #11 of 23
Thread Starter 
Quote:
Originally Posted by deskjockey View Post
I have done that too, didn't have a problem with the virus "jumping" to my thumb drive.


You are in safe mode, right?
Actually my computer for the moment is switched off, but I'll go boot it into safe mode now.

I think this whole thing is actually going to be quite good for me. I've never really learnt how to get rid of a virus the manual way, and it should be a good experience/lesson to learn how to do so.

Back in a bit.
post #12 of 23
Thread Starter 
OK, update on the malware problem. I ran all the programs, which themselves got rid of a LOT of crap, so thanks to you all for that. However, the trojan itself was a slippery little bugger and couldn't actually be cleaned by any program, unfortunately. However, there was this one .dll file that kept cropping up when I was running the programs, so I decided to investigate.

The file was called "nnnoPFuu.dll". I quickly ran a Google search on this, which turned up nothing, which confirmed my suspicions even more about this mysterious file. Looking at the file name itself, I thought that it looked as if it had no real meaning or intelligence behind it, so I figured it must have been randomly generated. The Google search confirmed it since, if it was a well-known Windows file, it probably would have turned up with some website giving an explanation as to what it does.

So then I went into Recovery Console, found where the file was, System32 (where I suspected it might be hiding), then I "DEL C:\WINDOWS\SYSTEM32\NNNOPFUU.DLL"-'d its butt! (I deleted it)

Now I'm gonna go run another virus check to make sure it's gone, but so far so good. Cheers guys!
Edited by voice - 6/21/08 at 5:43am
post #13 of 23
Some odd Trojans and Worms require a utility to remove them. Just deleting them may not work.
Do a search on them and many times you'll end up at a forum on "HiJackThis" on how to properly deal with it.
HiJackThis is a great utility for investigating, but don't use it to fix anything!!!
post #14 of 23
Thread Starter 
Quote:
Originally Posted by The Duke View Post
Some odd Trojans and Worms require a utility to remove them. Just deleting them may not work.
Do a search on them and many times you'll end up at a forum on "HiJackThis" on how to properly deal with it.
HiJackThis is a great utility for investigating, but don't use it to fix anything!!!
Thanks for letting me know. I'm still not using my PC; I'm running it through another Kaspersky scan to see if it picks anything up. Should I run HijackThis and post the log here?
post #15 of 23
That works. Sounds a little like what I had.

Though, I am now using Acronis True Image, and just backed up my OS to a stable image with only motherboard and graphics drivers on it. That way, if something like this happens, I just have to update Windows with hotfixes again, and install the remaining useless drivers I have.

Yeah, post your HijackThis log, and a CCleaner log. That way, we can make sure you got rid of everything.
post #16 of 23
Thread Starter 
I ran HijackThis last night and checked it on HijackThis.de. I found two entries on it that linked to two spyware files that Combofix had deleted (meaning the entries were no longer working), so I went ahead and deleted them. I couldn't see anything else there that was cause for alarm; however, I'll still post it and a CCleaner log just so I'm definitely sure (you guys know a lot more than me about this).

Also, my Kaspersky scan shows two generic trojans (probably the same ones), embedded within something called "IEShow.exe". It's detecting them using heuristics. One is inside a system restore file, another within a BitDefender Security beta. However, when it goes to clean them it can't find them. So I'm not sure what's going on there. Should I just go ahead and manually delete those files? I'm going to run a Google search on "IEShow.exe" to see if it's dodgy or not.

Back in a bit.

EDIT: Just ran the Google search. IEShow.exe is part of the BitDefender package. So it's obviously Kaspersky being extra suspicious, but it's a perfectly harmless object.
Edited by voice - 6/21/08 at 5:41am
post #17 of 23
Thread Starter 
Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:58, on 21/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\TOMBRAID\TRAISVCS.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {B4B8E731-19DA-43DF-9E91-4B33E8478EF3} - (no file)
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [36X Raid Configurer] "C:\WINDOWS\system32\xRaidSetup.exe" boot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1197079129062
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5033/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Tomb Raider Advanced Installer Multiprocessor Helper (TraiHelper) - RatkovicDesign - C:\TOMBRAID\TRAISVCS.EXE

--
End of file - 7828 bytes



UPDATE: I have found an issue with my computer. When I go to turn Automatic Updates on, it reports it as off. I am guessing this was left over by the malware. Does anyone have any ideas on how to fix this?
Edited by voice - 6/21/08 at 8:23am
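Scripting the triage that the thread does by eye, as an added example (not HijackThis's own code and not posted by anyone in the thread): it parses HijackThis v2 entries and flags the entry types the replies single out, plus the random-looking-name reasoning the thread starter used on nnnoPFuu.dll. The sample log lines are constructed from the posted log; the final O4 line is hypothetical.

```python
"""Triage a HijackThis v2 log: flag the entry types the thread discusses.

Added example, not HijackThis's own code. Flags dead entries marked
"(no file)", DLLs loaded through AppInit_DLLs, services with no listed
owner, and file names that look machine-generated.
"""
import re

# Constructed sample in HijackThis v2 format, modelled on the log posted
# above. The final O4 line is hypothetical: it shows how a random-named
# DLL like the one the thread starter found would appear if it had been
# registered to auto-start.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {B4B8E731-19DA-43DF-9E91-4B33E8478EF3} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O4 - HKLM\..\Run: [nnnoPFuu] C:\WINDOWS\system32\nnnoPFuu.dll
"""

# "O4 - HKLM\..\Run: [AVP] ..." -> section "O4", body "HKLM\..\Run: [AVP] ..."
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# File names referenced in the body, split into (stem, extension).
FILE_RE = re.compile(r"([\w~-]+)\.(exe|dll|htm)\b", re.IGNORECASE)


def looks_random(stem):
    """Heuristic for machine-generated names such as 'nnnoPFuu'.

    Flags letter-only stems of six or more characters that either start
    lowercase but contain capitals later, or contain a run of three
    identical letters. A hit means "look it up", not "delete it".
    """
    if len(stem) < 6 or not stem.isalpha():
        return False
    odd_case = stem[0].islower() and any(c.isupper() for c in stem[1:])
    triple = re.search(r"(.)\1\1", stem.lower()) is not None
    return odd_case or triple


def triage(log_text):
    """Return (section, reasons, line) for every entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank or trailer line
        section, body = m.group("section"), m.group("body")
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("registry entry whose file no longer exists")
        if section == "O20":
            reasons.append("AppInit_DLLs: loaded into every GUI process")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service with no listed owner")
        for stem, ext in FILE_RE.findall(body):
            if looks_random(stem):
                reasons.append(f"random-looking file name {stem}.{ext}")
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"{section}: {line}")
        for reason in reasons:
            print(f"    -> {reason}")
```

Flagged lines are candidates to research (as the thread did with a search engine), not a verdict; PnkBstrA, for instance, is flagged only because the log lists no owner.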
post #18 of 23
Quote:
Originally Posted by voice View Post
Here's my HijackThis log:

Anything in bold I personally would delete. I like to keep it nice and tidy.
post #19 of 23
Thread Starter 
Quote:
Originally Posted by GH0 View Post
Anything in bold, I personally, would delete. I like to keep it nice and tidy.
Thanks for the input. I'll get right on it.

I don't suppose you can explain my automatic updates problem too, could you?
post #20 of 23
A real man would use my guide. For both your problems, I also have an automatic updates fix.