I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!


Post by AARG12 on 31st December 2008, 6:36 am

I tried erasing it with McAfee and it would make it so that McAfee wouldn't work, so I erased it and switched back to Norton AV, and at least that is running, but it won't detect it. I went to xtube and it said the following. Please help!!!


Your computer (IP: XXXXXX) generates attacking DOS requests at our servers caused by the spyware/virus named 'Troj/Rustok-N'

We cannot provide you with access to our content for browsing purposes as it will lead to the inevitable crash of our website.

We strongly recommend you to run your antivirus edition and, if necessary, check it for the latest updates available.

You may also download recommended software, which has been approved by a number of our surfers who encountered the same problem and used this software to overcome it.

We apologize for the inconvenience, and hope we'll see you again on [You must be registered and logged in to see this link.]

Find more comments on the software at: aumhaphpbb.com


Last edited by AARG12 on 2nd January 2009, 3:48 am; edited 1 time in total

AARG12
Intermediate
Posts : 65
Joined : 2008-12-31
Gender : Male
OS : Windows Vista
Points : 29000
# Likes : 0


Post by AARG12 on 31st December 2008, 6:39 am

Here's my log file from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:18 PM, on 12/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Angel\Downloads\hijackgpthis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - [You must be registered and logged in to see this link.]
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7760 bytes


Post by Belahzur on 31st December 2008, 2:25 pm

Hello.


Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1


Post by AARG12 on 2nd January 2009, 12:38 am

Here are the results from Malwarebytes. It detected 4 trojans and supposedly erased them, but I still can't update?

Malwarebytes' Anti-Malware 1.31
Database version: 1580
Windows 6.0.6000

1/1/2009 4:19:17 PM
mbam-log-2009-01-01 (16-19-17).txt

Scan type: Quick Scan
Objects scanned: 48107
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

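The MBAM log above is the decisive artifact in this thread: every hit is a DhcpNameServer registry value pointing at 85.255.112.178 and 85.255.112.102, and MBAM names the detection Trojan.DNSChanger. Both addresses sit in 85.255.112.0 to 85.255.127.255, one of the resolver ranges the FBI later published as rogue DNS servers run by the DNSChanger operators (Operation Ghost Click). A machine that resolves names through attacker-controlled servers can be sent to an attacker-chosen host for any site, which is how a bogus "your computer is attacking us" page with a "recommended software" download can be served in place of the site the user typed. The Python below is an added example, not a tool from this thread or from Malwarebytes: it parses MBAM "Registry Data Items Infected" lines (the sample input is the four lines from the log above, copied verbatim) and flags any resolver that falls in a published rogue range. The function names and the verdict strings are this example's own.

```python
"""Triage helper for the MBAM log in this thread: pull the DNS server
addresses out of "Registry Data Items Infected" lines and flag any that
fall inside a publicly documented rogue DNSChanger resolver range.

Added example, not code from the thread or from Malwarebytes. The sample
input is the four lines from the MBAM log posted above; the function
names and verdict strings are this example's own.
"""
import ipaddress
import re

# Rogue resolver ranges from the FBI's DNSChanger (Operation Ghost Click)
# notice, as (first, last) addresses. Both servers in the posted log fall
# in the first range.
ROGUE_DNS_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]
_RANGES = [(ipaddress.ip_address(a), ipaddress.ip_address(b)) for a, b in ROGUE_DNS_RANGES]

# Sample input: the four detections from the MBAM log above, verbatim.
SAMPLE_MBAM_LINES = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
"""

# One MBAM registry-data line: <key>\<value> (<detection>) -> Data: <data> -> <action>
MBAM_DATA_RE = re.compile(
    r"^(?P<key>HKEY_[A-Z_]+(?:\\[^\\]+)*?)\\(?P<value>[^\\]+?) "
    r"\((?P<detection>[^)]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+)$"
)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
GUID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")


def rogue_range_for(ip):
    """Return "first-last" for the published rogue range containing ip, else None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for first, last in _RANGES:
        if addr.version == first.version and first <= addr <= last:
            return f"{first}-{last}"
    return None


def parse_mbam_registry_data(text):
    """Parse MBAM "Registry Data Items Infected" lines into dicts; skip anything else."""
    items = []
    for line in text.strip().splitlines():
        m = MBAM_DATA_RE.match(line.strip())
        if not m:
            continue
        key = m["key"]
        guid = GUID_RE.search(key)
        parts = key.split("\\")  # HKEY_LOCAL_MACHINE, SYSTEM, <ControlSet>, ...
        items.append({
            "key": key,
            "value": m["value"],
            "detection": m["detection"],
            "servers": IPV4_RE.findall(m["data"]),  # DhcpNameServer is space-separated
            "action": m["action"],
            "interface": guid.group(0) if guid else None,  # per-adapter key, if any
            "control_set": parts[2] if len(parts) > 2 else None,
        })
    return items


def triage(text):
    """Summarise which resolvers were planted, where, and whether they are known rogue."""
    items = parse_mbam_registry_data(text)
    rogue, unlisted = {}, set()
    for it in items:
        for ip in it["servers"]:
            rng = rogue_range_for(ip)
            if rng:
                rogue[ip] = rng
            else:
                unlisted.add(ip)
    return {
        "items": items,
        "rogue_servers": rogue,
        "unlisted_servers": sorted(unlisted),
        "affected_interfaces": {it["interface"] for it in items if it["interface"]},
        # CurrentControlSet is a link to one ControlSet00N; both appear in the log.
        "control_sets": sorted({it["control_set"] for it in items if it["control_set"]}),
        "verdict": "DNS hijack confirmed" if rogue else "no known rogue resolver",
    }


if __name__ == "__main__":
    result = triage(SAMPLE_MBAM_LINES)
    print(result["verdict"])
    for ip, rng in result["rogue_servers"].items():
        print(f"  {ip} is inside rogue range {rng}")
    print("  interfaces:", ", ".join(sorted(result["affected_interfaces"])))
```

A caveat a practitioner would want: this reads a log, not the live registry, so the quarantine MBAM reports is not by itself proof the machine is clean. After the reboot, confirm with `ipconfig /all` that the DNS servers listed are the ISP's or the home router's, and check the router's own DNS settings too, since DNSChanger variants also rewrote router configuration through default credentials, in which case DHCP simply hands the rogue resolvers back to the client.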

Post by Belahzur on 2nd January 2009, 12:41 am

Hello.
Let's see what's happening here.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste the report back here.




Post by AARG12 on 2nd January 2009, 3:09 am

OK, two logs came out? Here's the first one, and I'll post the second one in a different reply.


DDS (Version 1.1.0) - NTFSx86
Run by Angel at 19:07:22.77 on Thu 01/01/2009
Internet Explorer: 7.0.6000.16473 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1210 [GMT -8:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Angel\Downloads\dds(2).com

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
mCustomizeSearch = [You must be registered and logged in to see this link.]
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\angel\appdata\roaming\mozilla\firefox\profiles\rafdrutm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\symantec\defini~1\symcdata\idsdefs\20081214.001\IDSvix86.sys [2008-12-15 270384]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-15 99376]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-8-1 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-8-1 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-8-1 31104]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\SYMNDISV.SYS [2007-1-9 38200]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-1 812544]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe" [2007-8-1 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe" [2007-8-1 79736]

=============== Created Last 30 ================

2008-12-30 21:45 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-30 21:45 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 21:45 --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 15:31 --d----- C:\scscc20
2008-12-26 16:19 a-d----- c:\programdata\TEMP
2008-12-23 00:53 --d----- c:\programdata\Spybot - Search & Destroy
2008-12-23 00:53 --d----- c:\program files\Spybot - Search & Destroy
2008-12-23 00:53 --d----- c:\progra~2\Spybot - Search & Destroy
2008-12-22 23:40 --d----- c:\program files\CCleaner
2008-12-22 23:39 --d----- c:\users\angel\appdata\roaming\Malwarebytes
2008-12-22 23:38 --d----- c:\programdata\Malwarebytes
2008-12-22 23:38 --d----- c:\progra~2\Malwarebytes
2008-12-22 23:19 --d----- c:\windows\Intuit
2008-12-22 22:31 --d----- c:\program files\Trend Micro
2008-12-15 22:03 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-15 21:29 --d----- c:\users\angel\appdata\roaming\Symantec
2008-12-15 21:13 23,888 a------- c:\windows\system32\drivers\COH_Mon.sys
2008-12-15 21:13 10,537 a------- c:\windows\system32\drivers\COH_Mon.cat
2008-12-15 21:13 706 a------- c:\windows\system32\drivers\COH_Mon.inf
2008-12-15 20:45 186,256 a------- c:\windows\system32\SymNPPWA.dll
2008-12-15 20:44 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-15 20:44 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-15 20:44 --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 20:44 --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 20:28 16 a------- c:\windows\system32\coh.cache
2008-12-14 22:28 --d----- c:\users\Angel
2008-12-14 22:24 --dsh--- c:\programdata\Documents
2008-12-14 22:24 --dsh--- C:\Documents and Settings
2008-12-14 21:18 40 a---h--- c:\windows\system32\ivireg.ivr
2008-12-14 21:06 --d----- c:\program files\Norton 360
2008-12-14 21:06 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-14 21:06 10,671 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-14 21:06 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-14 21:05 --d----- c:\programdata\Symantec
2008-12-14 21:05 --d----- c:\program files\Symantec
2008-12-14 21:05 --d----- c:\progra~2\Symantec
2008-12-14 21:05 --d----- c:\program files\common files\Symantec Shared
2008-12-14 20:55 --d----- c:\program files\common files\InterVideo
2008-12-14 20:55 --d----- c:\program files\InterVideo
2008-12-14 20:50 132,608 a------- c:\windows\system32\drivers\usbvideo.sys
2008-12-14 20:47 0 a---hr-- c:\windows\system32\drivers\Sony_VGN-FZ240E.mrk
2008-12-14 20:46 --d----- c:\programdata\Corel
2008-12-14 20:46 --d----- c:\progra~2\Corel
2008-12-14 20:45 --d----- c:\program files\Corel
2008-12-14 20:45 --d----- c:\program files\common files\Corel
2008-12-14 20:45 1,132,112 a------- c:\programdata\pswi_preloaded.exe
2008-12-14 20:45 1,132,112 a------- c:\progra~2\pswi_preloaded.exe
2008-12-14 20:44 --d----- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-14 20:44 --d----- c:\progra~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-14 20:44 --d----- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-12-14 20:43 32,592 a------- c:\windows\system32\msonpmon.dll
2008-12-14 20:43 --d----- c:\windows\PCHEALTH
2008-12-14 20:41 --d----- c:\programdata\Microsoft Help
2008-12-14 20:37 17 a---h--- C:\initrd.pam
2008-12-14 20:37 --d-h--- C:\InstantON
2008-12-14 20:37 67 ----h--- C:\kernel.pam
2008-12-14 20:32 --d----- c:\program files\common files\supportsoft
2008-12-14 20:32 1,933,312 a------- c:\windows\system32\cdintf251.dll
2008-12-14 20:30 --d----- c:\programdata\Intuit
2008-12-14 20:30 --d----- c:\program files\Intuit
2008-12-14 20:30 --d----- c:\program files\common files\Intuit
2008-12-14 20:30 --d----- c:\progra~2\Intuit
2008-12-14 20:30 --d----- c:\programdata\COMMON FILES
2008-12-14 20:30 --d----- c:\progra~2\COMMON FILES
2008-12-14 20:29 --d----- c:\windows\system32\URTTEMP
2008-12-14 20:27 --d----- c:\program files\common files\AOL
2008-12-14 20:27 347 a---h--- C:\IPH.PH
2008-12-14 20:27 --d----- c:\program files\Online Services
2008-12-14 20:26 985,600 a------- c:\windows\system32\drivers\HSX_DPV.sys
2008-12-14 20:26 659,968 a------- c:\windows\system32\drivers\HSX_CNXT.sys
2008-12-14 20:26 386,560 a------- c:\windows\system32\drivers\XAudio.exe
2008-12-14 20:26 207,360 a------- c:\windows\system32\drivers\HSXHWAZL.sys
2008-12-14 20:26 140,914 a------- c:\windows\system32\drivers\SnyHDAN.cty
2008-12-14 20:26 94,208 a------- c:\windows\system32\mdmxsdk.dll
2008-12-14 20:26 12,672 a------- c:\windows\system32\drivers\mdmxsdk.sys
2008-12-14 20:26 8,192 a------- c:\windows\system32\drivers\XAudio.sys

==================== Find3M ====================

2008-12-14 21:16 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-14 21:16 51,200 a------- c:\windows\inf\infpub.dat
2008-12-14 21:16 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-14 21:16 86,016 a------- c:\windows\inf\infstor.dat
2006-11-02 04:50 174 a--sh--- c:\program files\desktop.ini
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-01 18:57 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 19:08:01.24 ===============


Post by AARG12 on 2nd January 2009, 3:11 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/14/2008 8:17:24 PM
System Uptime: 1/1/2009 7:03:50 PM (0 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | N/A | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 227 GiB total, 211.913 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
Alps Pointing-device for VAIO
AppCore
ArcSoft Magic-i Visual Effects Installer
AV
ccCommon
CCleaner (remove only)
Click to DVD 2.0.05 Menu Data
Click to DVD 2.6.00
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro Photo XI
Corel Snapfire
GearDrvs
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Instant Mode
Java(TM) 6 Update 11
Java(TM) SE Runtime Environment 6
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Napster
Napster Burn Engine
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
QuickBooks Product Listing Service
Setting Utility Series
SigmaTel Audio
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Video Shared Library
SPBBC 32bit
SupportSoft Assisted Service
SuppSoft
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
VAIO Azure Float Wallpaper
VAIO Camera Capture Utility
VAIO Center Access Bar
VAIO Content Folder Setting
VAIO Content Importer VAIO Content Exporter
VAIO Content Importer / VAIO Content Exporter
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Entertainment Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Floral Dusk Wallpaper
VAIO Help And Support
VAIO Launcher
VAIO OOBE
VAIO Original Function Setting
VAIO PC Wireless LAN Wizard
VAIO Power Management
VAIO Productivity Center
VAIO Security Center
VAIO Service Utility
VAIO Teal Whisper Wallpaper
VAIO Update 3
Windows Media Player Firefox Plugin
WinDVD for VAIO
Wireless Switch Setting Utility

==== Event Viewer Messages From Past Week ========

12/26/2008 6:29:48 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.2 for the Network Card with network address 0013E8ACCAC1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/27/2008 10:48:54 AM, Error: Tcpip [4198] - The system detected an address conflict for IP address 10.0.0.3 with the system having network hardware address 00-18-F3-9B-DA-6C. The local interface has been disabled.
12/27/2008 10:48:58 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.3 for the Network Card with network address 0013E8ACCAC1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/27/2008 11:16:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec Core LC service.
12/28/2008 2:22:30 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
12/28/2008 6:58:06 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.5 for the Network Card with network address 0013E8ACCAC1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/30/2008 10:30:24 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013E8ACCAC1. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
12/30/2008 10:31:18 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 2nd January 2009, 2:20 pm

Hello.
Looks okay, what problems remain?

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 2nd January 2009, 11:35 pm

I still can't update Windows Firewall, or download anything from the Microsoft site... I re-ran Malwarebytes and it still had the trojans on there; it didn't erase it... I'm confused because when I ran it first it said that in order to fix it I had to restart, but I have done it a couple of times now and it does the same thing and the problem persists.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 2nd January 2009, 11:39 pm

Okay, let's run a rootkit scan.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box blank.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 2nd January 2009, 11:52 pm

Is this it?


Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 3rd January 2009, 12:10 am

Yep.
No rootkit here, so we need to find another reason for this.

1. Download this file - [You must be registered and logged in to see this link.]
2. Double click combofix.exe & follow the prompts, but select NO when asked to install the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 4th January 2009, 3:59 am

Sorry it took so long to reply!!! But here is the log:

ComboFix 09-01-02.01 - Angel 2009-01-03 19:49:22.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1081 [GMT -8:00]
Running from: c:\users\Angel\Downloads\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-02 16:30 . 2009-01-02 16:31 269,830,432 --a------ c:\windows\MEMORY.DMP
2009-01-01 21:15 . 2009-01-01 21:16 d-------- c:\program files\KeyScrambler
2009-01-01 21:15 . 2008-03-22 13:37 113,896 --a------ c:\windows\System32\drivers\keyscrambler.sys
2009-01-01 19:56 . 2009-01-01 19:56 d-------- c:\users\Angel\AppData\Roaming\InstallShield
2009-01-01 19:50 . 2009-01-01 20:04 d-------- C:\Update
2008-12-30 21:45 . 2008-12-30 21:45 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 21:45 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-30 21:45 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-28 15:31 . 2008-12-28 15:31 d-------- C:\scscc20
2008-12-26 16:19 . 2008-12-26 16:22 d-a------ c:\users\All Users\TEMP
2008-12-26 16:19 . 2008-12-26 16:22 d-a------ c:\programdata\TEMP
2008-12-23 00:53 . 2009-01-02 15:58 d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-23 00:53 . 2009-01-02 15:58 d-------- c:\programdata\Spybot - Search & Destroy
2008-12-23 00:53 . 2009-01-01 21:26 d-------- c:\program files\Spybot - Search & Destroy
2008-12-22 23:40 . 2008-12-22 23:40 d-------- c:\program files\CCleaner
2008-12-22 23:39 . 2008-12-22 23:39 d-------- c:\users\Angel\AppData\Roaming\Malwarebytes
2008-12-22 23:38 . 2008-12-22 23:38 d-------- c:\users\All Users\Malwarebytes
2008-12-22 23:38 . 2008-12-22 23:38 d-------- c:\programdata\Malwarebytes
2008-12-22 23:19 . 2008-12-22 23:19 d-------- c:\windows\Intuit
2008-12-22 22:31 . 2008-12-22 22:31 d-------- c:\program files\Trend Micro
2008-12-15 22:03 . 2008-12-15 22:03 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-15 21:29 . 2008-12-15 21:29 d-------- c:\users\Angel\AppData\Roaming\Symantec
2008-12-15 21:13 . 2008-07-30 17:42 23,888 --a------ c:\windows\System32\drivers\COH_Mon.sys
2008-12-15 21:13 . 2008-07-30 17:28 10,537 --a------ c:\windows\System32\drivers\COH_Mon.cat
2008-12-15 21:13 . 2008-07-30 17:28 706 --a------ c:\windows\System32\drivers\COH_Mon.inf
2008-12-15 21:11 . 2008-12-15 21:19 d-------- c:\users\Angel\AppData\Roaming\Corel
2008-12-15 20:45 . 2007-07-17 12:21 186,256 --a------ c:\windows\System32\SymNPPWA.dll
2008-12-15 20:44 . 2008-12-15 20:44 d----c--- c:\windows\System32\DRVSTORE
2008-12-15 20:44 . 2008-12-15 20:44 d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 20:44 . 2008-12-15 20:44 d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 20:44 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-12-15 20:44 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-12-15 20:28 . 2008-12-15 20:28 16 --a------ c:\windows\System32\coh.cache
2008-12-14 22:31 . 2008-12-14 22:31 dr------- c:\users\Angel\Searches
2008-12-14 22:31 . 2008-12-14 22:31 dr------- c:\users\Angel\Contacts
2008-12-14 22:28 . 2008-12-14 22:31 dr------- c:\users\Angel\Videos
2008-12-14 22:28 . 2008-12-14 22:31 dr------- c:\users\Angel\Saved Games
2008-12-14 22:28 . 2008-12-14 22:31 dr------- c:\users\Angel\Pictures
2008-12-14 22:28 . 2008-12-14 22:31 dr------- c:\users\Angel\Music
2008-12-14 22:28 . 2008-12-14 22:31 dr------- c:\users\Angel\Links
2008-12-14 22:28 . 2009-01-03 19:47 dr------- c:\users\Angel\Downloads
2008-12-14 22:28 . 2009-01-01 16:19 dr------- c:\users\Angel\Documents
2008-12-14 22:28 . 2008-12-15 20:38 d-------- c:\users\Angel\AppData\Roaming\Sony Corporation
2008-12-14 22:28 . 2006-11-02 04:37 d-------- c:\users\Angel\AppData\Roaming\Media Center Programs
2008-12-14 22:28 . 2008-12-14 22:31 d--h----- c:\users\Angel\AppData
2008-12-14 22:28 . 2008-12-14 22:31 d-------- c:\users\Angel
2008-12-14 22:24 . 2008-12-14 22:24 dr------- c:\windows\System32\config\systemprofile\Contacts
2008-12-14 21:18 . 2008-12-14 21:18 40 --ah----- c:\windows\System32\ivireg.ivr
2008-12-14 21:06 . 2008-12-23 13:58 d-------- c:\program files\Norton 360
2008-12-14 21:06 . 2008-12-15 20:44 123,952 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-12-14 21:06 . 2008-12-15 20:44 10,671 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-12-14 21:06 . 2008-12-15 20:44 805 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-12-14 21:05 . 2009-01-01 20:27 d-------- c:\users\All Users\Symantec
2008-12-14 21:05 . 2009-01-01 20:27 d-------- c:\programdata\Symantec
2008-12-14 21:05 . 2008-12-15 20:44 d-------- c:\program files\Symantec
2008-12-14 21:05 . 2008-12-15 20:43 d-------- c:\program files\Common Files\Symantec Shared
2008-12-14 20:55 . 2008-12-14 20:55 d-------- c:\program files\InterVideo
2008-12-14 20:55 . 2008-12-14 20:55 d-------- c:\program files\Common Files\InterVideo
2008-12-14 20:50 . 2008-12-14 20:50 132,608 --a------ c:\windows\System32\drivers\usbvideo.sys
2008-12-14 20:47 . 2008-12-14 21:19 0 -rah----- c:\windows\System32\drivers\Sony_VGN-FZ240E.mrk
2008-12-14 20:46 . 2008-12-14 20:46 d-------- c:\users\All Users\Corel
2008-12-14 20:46 . 2008-12-14 20:46 d-------- c:\programdata\Corel
2008-12-14 20:45 . 2008-12-14 20:46 d-------- c:\program files\Corel
2008-12-14 20:45 . 2008-12-14 20:45 d-------- c:\program files\Common Files\Corel
2008-12-14 20:45 . 2008-12-14 20:46 1,132,112 --a------ c:\users\All Users\pswi_preloaded.exe
2008-12-14 20:45 . 2008-12-14 20:46 1,132,112 --a------ c:\programdata\pswi_preloaded.exe
2008-12-14 20:44 . 2008-12-14 20:44 d-------- c:\users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-14 20:44 . 2008-12-14 20:44 d-------- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-14 20:44 . 2008-12-14 20:44 d-------- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-12-14 20:43 . 2008-12-14 20:43 d-------- c:\windows\PCHEALTH
2008-12-14 20:43 . 2008-12-14 20:43 d-------- c:\program files\Microsoft.NET
2008-12-14 20:43 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2008-12-14 20:41 . 2008-12-14 20:44 d-------- c:\users\All Users\Microsoft Help
2008-12-14 20:41 . 2008-12-14 20:44 d-------- c:\programdata\Microsoft Help
2008-12-14 20:41 . 2008-12-14 20:41 dr-h----- C:\MSOCache
2008-12-14 20:38 . 2008-12-14 20:38 d-------- c:\program files\ArcSoft
2008-12-14 20:37 . 2008-12-14 20:37 d--h----- C:\InstantON
2008-12-14 20:37 . 2006-12-08 11:35 67 ---h----- C:\kernel.pam
2008-12-14 20:37 . 2005-01-03 06:37 17 --ah----- C:\initrd.pam
2008-12-14 20:32 . 2008-12-14 20:32 d-------- c:\program files\Common Files\supportsoft
2008-12-14 20:32 . 2006-04-12 10:11 1,933,312 --a------ c:\windows\System32\cdintf251.dll
2008-12-14 20:30 . 2008-12-22 23:18 d-------- c:\users\All Users\Intuit
2008-12-14 20:30 . 2008-12-14 20:30 d-------- c:\users\All Users\COMMON FILES
2008-12-14 20:30 . 2008-12-22 23:18 d-------- c:\programdata\Intuit
2008-12-14 20:30 . 2008-12-14 20:30 d-------- c:\programdata\COMMON FILES
2008-12-14 20:30 . 2008-12-14 20:32 d-------- c:\program files\Intuit
2008-12-14 20:30 . 2008-12-22 23:18 d-------- c:\program files\Common Files\Intuit
2008-12-14 20:29 . 2008-12-14 20:29 d-------- c:\windows\System32\URTTEMP
2008-12-14 20:27 . 2008-12-30 22:49 d-------- c:\program files\Common Files\AOL
2008-12-14 20:27 . 2008-12-14 20:27 347 --ah----- C:\IPH.PH
2008-12-14 20:26 . 2007-08-01 09:54 985,600 --a------ c:\windows\System32\drivers\HSX_DPV.sys
2008-12-14 20:26 . 2007-08-01 09:54 659,968 --a------ c:\windows\System32\drivers\HSX_CNXT.sys
2008-12-14 20:26 . 2007-08-01 09:54 386,560 --a------ c:\windows\System32\drivers\XAudio.exe
2008-12-14 20:26 . 2007-08-01 09:54 207,360 --a------ c:\windows\System32\drivers\HSXHWAZL.sys
2008-12-14 20:26 . 2007-08-01 09:54 140,914 --a------ c:\windows\System32\drivers\SnyHDAN.cty
2008-12-14 20:26 . 2007-08-01 09:54 94,208 --a------ c:\windows\System32\mdmxsdk.dll
2008-12-14 20:26 . 2007-08-01 09:54 12,672 --a------ c:\windows\System32\drivers\mdmxsdk.sys
2008-12-14 20:26 . 2007-08-01 09:54 8,192 --a------ c:\windows\System32\drivers\XAudio.sys
2008-12-14 20:22 . 2008-12-14 20:24 d-------- c:\program files\Microsoft Works

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 03:58 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-02 03:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 03:57 --------- d-----w c:\program files\Sony
2009-01-02 03:56 --------- d-----w c:\programdata\Sony Corporation
2008-12-23 06:53 --------- d-----w c:\program files\Apoint
2008-12-16 06:03 --------- d-----w c:\program files\Java
2008-12-15 06:24 --------- d-sh--w c:\programdata\Templates
2008-12-15 06:24 --------- d-sh--w c:\programdata\Start Menu
2008-12-15 06:24 --------- d-sh--w c:\programdata\Favorites
2008-12-15 06:24 --------- d-sh--w c:\programdata\Documents
2008-12-15 06:24 --------- d-sh--w c:\programdata\Desktop
2008-12-15 06:24 --------- d-sh--w c:\programdata\Application Data
2008-12-15 04:38 --------- d-----w c:\program files\Common Files\InstallShield
2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 4th January 2009, 3:59 am

Here's the second part:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1980A3A3-72DB-4E3F-9F05-2191AA5DB79A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0816D0DF-B54B-4F22-AD54-EF92FB51704A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20081214.001\IDSvix86.sys [2008-12-15 270384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-15 99376]
R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [2009-01-01 113896]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-08-01 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-08-01 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [2007-08-01 31104]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-01-09 38200]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-08-01 812544]
R4 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-01 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-01 79736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - COMHOST
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
[You must be registered and logged in to see this link.]
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
FF - ProfilePath - c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-01-03 19:53:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-03 19:55:09
ComboFix-quarantined-files.txt 2009-01-04 03:55:05

Pre-Run: 223,640,723,456 bytes free
Post-Run: 223,618,834,432 bytes free

214

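The "Reg Loading Points" section of the log above is where most of a reviewer's attention goes. As an added example (not part of this thread, and not code from ComboFix or its author), here is a small Python parser for the REGEDIT4-style block ComboFix prints, with the checks a reviewer normally does by eye: which programs autostart from the Run keys, which DLLs are registered under Winlogon\Notify, whether Security Center monitoring has been switched off, and what the firewall profiles do by default. The sample text is constructed from entries posted above; decoding the firewall defaults as 0 = Allow and 1 = Block is the standard Windows Firewall meaning of those values.

```python
# Added example, not part of this thread or of ComboFix: a parser for the
# REGEDIT4-style "Reg Loading Points" block ComboFix prints, plus the checks a
# reviewer normally does by eye. SAMPLE_LOG is constructed from lines posted above.
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HIVE\path\to\key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"=<value plus ComboFix annotation>


@dataclass
class RegKey:
    path: str
    values: dict = field(default_factory=dict)  # quoted "Name"=... entries
    raw: list = field(default_factory=list)     # unquoted lines (e.g. Winlogon notify DLLs)


def parse_reg_section(text: str) -> dict:
    """Return {key_path: RegKey} for a ComboFix 'Reg Loading Points' block."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4" or line.startswith("*"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), RegKey(m.group(1)))
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            current.values[m.group(1)] = m.group(2)
        else:
            current.raw.append(line)
    return keys


def autostart_entries(keys: dict) -> list:
    """(hive, value name, program) for every ...\\CurrentVersion\\Run value."""
    out = []
    for path, key in keys.items():
        if path.lower().endswith("\\currentversion\\run"):
            hive = path.split("\\", 1)[0]
            for name, raw in key.values.items():
                m = re.match(r'"([^"]*)"', raw)  # drop the trailing [date size] note
                out.append((hive, name, m.group(1) if m else raw))
    return out


def winlogon_notify_dlls(keys: dict) -> list:
    """(package, DLL) registered under Winlogon\\Notify; these load at every logon."""
    return [(path.rsplit("\\", 1)[-1], line.split()[-1])
            for path, key in keys.items() if "\\winlogon\\notify\\" in path.lower()
            for line in key.raw]


def security_center_disabled(keys: dict) -> list:
    """Security Center monitors whose DisableMonitoring flag is set to 1."""
    return [path.rsplit("\\", 1)[-1] for path, key in keys.items()
            if "\\security center\\monitoring" in path.lower()
            and key.values.get("DisableMonitoring", "").lower() == "dword:00000001"]


def firewall_defaults(keys: dict) -> dict:
    """{profile: (inbound, outbound)}; Windows Firewall stores 0 = Allow, 1 = Block."""
    decode = {"0": "Allow", "1": "Block"}
    out = {}
    for path, key in keys.items():
        if "firewallpolicy" in path.lower() and "DefaultInboundAction" in key.values:
            inbound = key.values["DefaultInboundAction"].split()[0]
            outbound = key.values["DefaultOutboundAction"].split()[0]
            out[path.rsplit("\\", 1)[-1]] = (decode[inbound], decode[outbound])
    return out


if __name__ == "__main__":
    keys = parse_reg_section(SAMPLE_LOG)
    for hive, name, program in autostart_entries(keys):
        print(f"autostart  {hive}: {name} -> {program}")
    for package, dll in winlogon_notify_dlls(keys):
        print(f"winlogon   {package} -> {dll}")
    for monitor in security_center_disabled(keys):
        print(f"review     Security Center monitoring disabled: {monitor}")
    for profile, (inbound, outbound) in firewall_defaults(keys).items():
        print(f"firewall   {profile}: inbound {inbound}, outbound {outbound}")
```

The DisableMonitoring flags are set legitimately by some security suites (in this log they sit under Symantec subkeys, and Norton 360 is the installed product), but the same keys are also used to silence Security Center alerts, so the check reports them for confirmation against the installed software rather than as a verdict. Unquoted lines under a key, such as the Winlogon notify DLL, are kept as raw text so nothing ComboFix printed is silently dropped.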

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 4th January 2009, 2:20 pm

I see Spybot's TeaTimer. Did you try disabling that and then trying it?



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 5th January 2009, 2:05 am

How do I disable TeaTimer? And thanks so much for the help so far.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 5th January 2009, 2:10 am

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 5th January 2009, 2:34 am

TT DISABLED log #2:


ComboFix 09-01-02.01 - Angel 2009-01-04 18:13:55.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1275 [GMT -8:00]
Running from: c:\users\Angel\Downloads\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *enabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-02 16:30 . 2009-01-02 16:31 269,830,432 --a------ c:\windows\MEMORY.DMP
2009-01-01 21:15 . 2009-01-01 21:16 d-------- c:\program files\KeyScrambler
2009-01-01 21:15 . 2008-03-22 13:37 113,896 --a------ c:\windows\System32\drivers\keyscrambler.sys
2009-01-01 19:56 . 2009-01-01 19:56 d-------- c:\users\Angel\AppData\Roaming\InstallShield
2009-01-01 19:50 . 2009-01-01 20:04 d-------- C:\Update
2008-12-30 21:45 . 2008-12-30 21:45 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 21:45 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-30 21:45 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-28 15:31 . 2008-12-28 15:31 d-------- C:\scscc20
2008-12-26 16:19 . 2008-12-26 16:22 d-a------ c:\users\All Users\TEMP
2008-12-26 16:19 . 2008-12-26 16:22 d-a------ c:\programdata\TEMP
2008-12-23 00:53 . 2009-01-04 14:30 d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-23 00:53 . 2009-01-04 14:30 d-------- c:\programdata\Spybot - Search & Destroy
2008-12-23 00:53 . 2009-01-01 21:26 d-------- c:\program files\Spybot - Search & Destroy
2008-12-22 23:40 . 2008-12-22 23:40 d-------- c:\program files\CCleaner
2008-12-22 23:39 . 2008-12-22 23:39 d-------- c:\users\Angel\AppData\Roaming\Malwarebytes
2008-12-22 23:38 . 2008-12-22 23:38 d-------- c:\users\All Users\Malwarebytes
2008-12-22 23:38 . 2008-12-22 23:38 d-------- c:\programdata\Malwarebytes
2008-12-22 23:19 . 2008-12-22 23:19 d-------- c:\windows\Intuit
2008-12-22 22:31 . 2008-12-22 22:31 d-------- c:\program files\Trend Micro
2008-12-15 22:03 . 2008-12-15 22:03 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-15 21:29 . 2008-12-15 21:29 d-------- c:\users\Angel\AppData\Roaming\Symantec
2008-12-15 21:13 . 2008-07-30 17:42 23,888 --a------ c:\windows\System32\drivers\COH_Mon.sys
2008-12-15 21:13 . 2008-07-30 17:28 10,537 --a------ c:\windows\System32\drivers\COH_Mon.cat
2008-12-15 21:13 . 2008-07-30 17:28 706 --a------ c:\windows\System32\drivers\COH_Mon.inf
2008-12-15 21:11 . 2008-12-15 21:19 d-------- c:\users\Angel\AppData\Roaming\Corel
2008-12-15 20:45 . 2007-07-17 12:21 186,256 --a------ c:\windows\System32\SymNPPWA.dll
2008-12-15 20:44 . 2008-12-15 20:44 d----c--- c:\windows\System32\DRVSTORE
2008-12-15 20:44 . 2008-12-15 20:44 d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 20:44 . 2008-12-15 20:44 d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 20:44 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-12-15 20:44 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-12-15 20:28 . 2008-12-15 20:28 16 --a------ c:\windows\System32\coh.cache
2008-12-14 22:31 . 2008-12-14 22:31 dr------- c:\users\Angel\Searches
2008-12-14 22:31 . 2008-12-14 22:31 dr------- c:\users\Angel\Contacts
2008-12-14 22:28 . 2008-12-14 22:31 dr------- c:\users\Angel\Videos
2008-12-14 22:28 . 2008-12-14 22:31 dr------- c:\users\Angel\Saved Games
2008-12-14 22:28 . 2008-12-14 22:31 dr------- c:\users\Angel\Pictures
2008-12-14 22:28 . 2008-12-14 22:31 dr------- c:\users\Angel\Music
2008-12-14 22:28 . 2008-12-14 22:31 dr------- c:\users\Angel\Links
2008-12-14 22:28 . 2009-01-04 18:11 dr------- c:\users\Angel\Downloads
2008-12-14 22:28 . 2009-01-01 16:19 dr------- c:\users\Angel\Documents
2008-12-14 22:28 . 2008-12-15 20:38 d-------- c:\users\Angel\AppData\Roaming\Sony Corporation
2008-12-14 22:28 . 2006-11-02 04:37 d-------- c:\users\Angel\AppData\Roaming\Media Center Programs
2008-12-14 22:28 . 2008-12-14 22:31 d--h----- c:\users\Angel\AppData
2008-12-14 22:28 . 2008-12-14 22:31 d-------- c:\users\Angel
2008-12-14 22:24 . 2008-12-14 22:24 dr------- c:\windows\System32\config\systemprofile\Contacts
2008-12-14 21:18 . 2008-12-14 21:18 40 --ah----- c:\windows\System32\ivireg.ivr
2008-12-14 21:06 . 2008-12-23 13:58 d-------- c:\program files\Norton 360
2008-12-14 21:06 . 2008-12-15 20:44 123,952 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-12-14 21:06 . 2008-12-15 20:44 10,671 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-12-14 21:06 . 2008-12-15 20:44 805 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-12-14 21:05 . 2009-01-01 20:27 d-------- c:\users\All Users\Symantec
2008-12-14 21:05 . 2009-01-01 20:27 d-------- c:\programdata\Symantec
2008-12-14 21:05 . 2008-12-15 20:44 d-------- c:\program files\Symantec
2008-12-14 21:05 . 2008-12-15 20:43 d-------- c:\program files\Common Files\Symantec Shared
2008-12-14 20:55 . 2008-12-14 20:55 d-------- c:\program files\InterVideo
2008-12-14 20:55 . 2008-12-14 20:55 d-------- c:\program files\Common Files\InterVideo
2008-12-14 20:50 . 2008-12-14 20:50 132,608 --a------ c:\windows\System32\drivers\usbvideo.sys
2008-12-14 20:47 . 2008-12-14 21:19 0 -rah----- c:\windows\System32\drivers\Sony_VGN-FZ240E.mrk
2008-12-14 20:46 . 2008-12-14 20:46 d-------- c:\users\All Users\Corel
2008-12-14 20:46 . 2008-12-14 20:46 d-------- c:\programdata\Corel
2008-12-14 20:45 . 2008-12-14 20:46 d-------- c:\program files\Corel
2008-12-14 20:45 . 2008-12-14 20:45 d-------- c:\program files\Common Files\Corel
2008-12-14 20:45 . 2008-12-14 20:46 1,132,112 --a------ c:\users\All Users\pswi_preloaded.exe
2008-12-14 20:45 . 2008-12-14 20:46 1,132,112 --a------ c:\programdata\pswi_preloaded.exe
2008-12-14 20:44 . 2008-12-14 20:44 d-------- c:\users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-14 20:44 . 2008-12-14 20:44 d-------- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-14 20:44 . 2008-12-14 20:44 d-------- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-12-14 20:43 . 2008-12-14 20:43 d-------- c:\windows\PCHEALTH
2008-12-14 20:43 . 2008-12-14 20:43 d-------- c:\program files\Microsoft.NET
2008-12-14 20:43 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2008-12-14 20:41 . 2008-12-14 20:44 d-------- c:\users\All Users\Microsoft Help
2008-12-14 20:41 . 2008-12-14 20:44 d-------- c:\programdata\Microsoft Help
2008-12-14 20:41 . 2008-12-14 20:41 dr-h----- C:\MSOCache
2008-12-14 20:38 . 2008-12-14 20:38 d-------- c:\program files\ArcSoft
2008-12-14 20:37 . 2008-12-14 20:37 d--h----- C:\InstantON
2008-12-14 20:37 . 2006-12-08 11:35 67 ---h----- C:\kernel.pam
2008-12-14 20:37 . 2005-01-03 06:37 17 --ah----- C:\initrd.pam
2008-12-14 20:32 . 2008-12-14 20:32 d-------- c:\program files\Common Files\supportsoft
2008-12-14 20:32 . 2006-04-12 10:11 1,933,312 --a------ c:\windows\System32\cdintf251.dll
2008-12-14 20:30 . 2008-12-22 23:18 d-------- c:\users\All Users\Intuit
2008-12-14 20:30 . 2008-12-14 20:30 d-------- c:\users\All Users\COMMON FILES
2008-12-14 20:30 . 2008-12-22 23:18 d-------- c:\programdata\Intuit
2008-12-14 20:30 . 2008-12-14 20:30 d-------- c:\programdata\COMMON FILES
2008-12-14 20:30 . 2008-12-14 20:32 d-------- c:\program files\Intuit
2008-12-14 20:30 . 2008-12-22 23:18 d-------- c:\program files\Common Files\Intuit
2008-12-14 20:29 . 2008-12-14 20:29 d-------- c:\windows\System32\URTTEMP
2008-12-14 20:27 . 2008-12-30 22:49 d-------- c:\program files\Common Files\AOL
2008-12-14 20:27 . 2008-12-14 20:27 347 --ah----- C:\IPH.PH
2008-12-14 20:26 . 2007-08-01 09:54 985,600 --a------ c:\windows\System32\drivers\HSX_DPV.sys
2008-12-14 20:26 . 2007-08-01 09:54 659,968 --a------ c:\windows\System32\drivers\HSX_CNXT.sys
2008-12-14 20:26 . 2007-08-01 09:54 386,560 --a------ c:\windows\System32\drivers\XAudio.exe
2008-12-14 20:26 . 2007-08-01 09:54 207,360 --a------ c:\windows\System32\drivers\HSXHWAZL.sys
2008-12-14 20:26 . 2007-08-01 09:54 140,914 --a------ c:\windows\System32\drivers\SnyHDAN.cty
2008-12-14 20:26 . 2007-08-01 09:54 94,208 --a------ c:\windows\System32\mdmxsdk.dll
2008-12-14 20:26 . 2007-08-01 09:54 12,672 --a------ c:\windows\System32\drivers\mdmxsdk.sys
2008-12-14 20:26 . 2007-08-01 09:54 8,192 --a------ c:\windows\System32\drivers\XAudio.sys
2008-12-14 20:22 . 2008-12-14 20:24 d-------- c:\program files\Microsoft Works

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 5th January 2009, 2:34 am

SECOND PART:

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 03:58 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-02 03:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 03:57 --------- d-----w c:\program files\Sony
2009-01-02 03:56 --------- d-----w c:\programdata\Sony Corporation
2008-12-23 06:53 --------- d-----w c:\program files\Apoint
2008-12-16 06:03 --------- d-----w c:\program files\Java
2008-12-15 06:24 --------- d-sh--w c:\programdata\Templates
2008-12-15 06:24 --------- d-sh--w c:\programdata\Start Menu
2008-12-15 06:24 --------- d-sh--w c:\programdata\Favorites
2008-12-15 06:24 --------- d-sh--w c:\programdata\Documents
2008-12-15 06:24 --------- d-sh--w c:\programdata\Desktop
2008-12-15 06:24 --------- d-sh--w c:\programdata\Application Data
2008-12-15 04:38 --------- d-----w c:\program files\Common Files\InstallShield
2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-03 00:30:43 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-05 02:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-03 00:30:43 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-05 02:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-04 03:53:26 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-05 02:10:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-01-04 03:53:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-05 02:10:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-01-04 03:44:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-05 02:10:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-04 03:44:36 147,456 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-05 02:10:23 147,456 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-04 03:44:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-05 02:10:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-03 00:39:14 107,714 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-05 00:11:13 107,714 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-03 00:39:15 626,976 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-05 00:11:13 626,976 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-03 00:33:08 4,734 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
+ 2009-01-05 02:10:44 4,798 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
- 2009-01-03 00:33:08 65,992 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-05 02:10:44 66,386 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-03 00:05:32 30,538 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-05 02:10:42 30,944 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1980A3A3-72DB-4E3F-9F05-2191AA5DB79A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0816D0DF-B54B-4F22-AD54-EF92FB51704A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20081214.001\IDSvix86.sys [2008-12-15 270384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-15 99376]
R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [2009-01-01 113896]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-08-01 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-08-01 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [2007-08-01 31104]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-01-09 38200]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-08-01 812544]
R4 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-01 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-01 79736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - COMHOST
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
[You must be registered and logged in to see this link.]
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
FF - ProfilePath - c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-01-04 18:15:26
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-04 18:16:27
ComboFix-quarantined-files.txt 2009-01-05 02:16:24
ComboFix2.txt 2009-01-04 03:55:12

Pre-Run: 223,257,763,840 bytes free
Post-Run: 223,234,809,856 bytes free

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 5th January 2009, 2:47 pm

Looks okay still.
I meant disable TeaTimer, then try doing updates.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 6th January 2009, 5:09 am

Well, I disabled TeaTimer and I still can't do updates or download anything from the Microsoft website, like updates for Windows Defender or Windows Live Messenger. Spybot and Malwarebytes detect the supposed "trojan" or virus called "Zlob.DNSChanger"; it deletes it, then I restart and re-run either of the programs and the virus is still there. I disabled TeaTimer and still no solution. I'm so confused: Norton 360 doesn't detect it, it gets updates and such and says it's fine and still doesn't detect any issue. I'm so frustrated. What is left to do? Reinstall Windows and my computer?

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 6th January 2009, 1:53 pm

Hello.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    ; Value names must be quoted in a .reg file; "=-" deletes the named value.
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Press Start > Run
Type in:
ipconfig /flushdns


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 7th January 2009, 3:21 am

OK, I did that. Updates:

Well, I tried to update Windows, and I got this error: "Windows could not search for new updates. Errors found: code 80244019". So that is still not working.

Downloading Windows Live Messenger still doesn't work; it tells me there is no connection to the internet, which I don't understand since I'm on here!!! (from FileHippo)

I went to the Windows (Microsoft) site to update too or download some items, and I get to the download page, then it says page load error, as if there was no internet connection.

I re-ran Spybot and it's still there. I cannot erase it running it normally; then I re-run it in "administrator" mode and I can erase it, but then I run it again and it's still there.

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 7th January 2009, 2:20 pm

Can you post where it's finding it?


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 7th January 2009, 11:38 pm




OK, there's the info. I cannot make it any bigger than that?

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 7th January 2009, 11:47 pm

The screenshot is too small to see the CLSID.


  • Now open a new notepad file.
  • Input this into the notepad file:

    REM Export the per-interface TCP/IP keys. regedit prompts for elevation on Vista;
    REM if look.txt comes out empty, run this file with "Run as administrator".
    regedit /e peek1.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
    REM regedit writes the export as Unicode; "type" re-writes it as plain text.
    type peek1.txt >> look.txt
    del peek1.txt
    start notepad look.txt

  • Save this as look.bat, save it to your desktop.
  • Double click look.bat to run it.
  • Copy and paste the report back here.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 8th January 2009, 12:40 am

I did that and the log/notepad came out blank, so there was nothing to post. I'm re-running Malwarebytes to see if it is still detecting it.

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 8th January 2009, 12:45 am

Okay, can you post the number here?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{this line of letters/numbers as in the screenshot}


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 8th January 2009, 12:47 am

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 8th January 2009, 12:58 am

Okay, let's see if this makes any difference.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 8th January 2009, 3:32 am

I did that, it fixed it, I re-ran Malwarebytes and it didn't find it. Restarted the computer and BAM! It was back, hahaha. Do you think I should just take my computer to a professional? Do you recommend the people at Best Buy? Or Circuit City?

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 8th January 2009, 4:56 pm

Nah, we can find it using another tool, and it will clean the DNS hijack, but I need to know if your network IP is assigned by DHCP, or it's using a proxy server, because that will be removed also.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 9th January 2009, 4:31 am

Umm, how do I find that out? Well, I have Comcast, and I am on a laptop using a wireless router.

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 9th January 2009, 4:59 pm

There should be a little icon down in your tray that looks like two computers, one behind the other.
Double click it to open it, click the "Support" tab, and it will say "Address type".

It should be "Assigned by DHCP".



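Vista's connection status dialog has no "Support" tab (that was the XP layout), which is why the tray-icon route above does not find it. The same facts are available from WMI, and the SettingID property of each adapter is the {GUID} that names its sub-key under Tcpip\Parameters\Interfaces, so the key Malwarebytes keeps flagging can be tied to a specific adapter. The script below is an added example written for this thread, not something either poster ran; it assumes PowerShell 2.0 is installed on the Vista laptop (it was a separate download for Vista) and uses only the Win32_NetworkAdapterConfiguration class, which needs no elevation to read.

```powershell
# Added example (not code from the thread). Lists every IP-enabled adapter
# with the facts Belahzur asked for: is the address assigned by DHCP, by
# which DHCP server, and which DNS servers the adapter is actually using.
# Assumes PowerShell 2.0 on Vista; no elevation needed for a read-only query.
function Get-AdapterDnsReport {
    $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                              -Filter 'IPEnabled = True'
    foreach ($a in $adapters) {
        New-Object PSObject -Property @{
            Adapter       = $a.Description
            InterfaceGuid = $a.SettingID          # same {GUID} as the registry sub-key
            DhcpEnabled   = $a.DHCPEnabled
            DhcpServer    = $a.DHCPServer         # who handed out the lease (usually the router)
            Gateway       = ($a.DefaultIPGateway -join ', ')
            DnsServers    = ($a.DNSServerSearchOrder -join ', ')
        }
    }
}

# Compare InterfaceGuid with the {GUID} in the Malwarebytes log to see which
# adapter the flagged values belong to.
Get-AdapterDnsReport |
    Format-List Adapter, InterfaceGuid, DhcpEnabled, DhcpServer, Gateway, DnsServers
```

DhcpEnabled True means the addresses in DnsServers arrived in the lease from DhcpServer, normally the router's LAN address, and will be written back into the registry's DhcpNameServer value at every renewal and at boot. DhcpEnabled False means they were typed into the adapter's TCP/IPv4 properties and live in the NameServer value instead, and nothing will overwrite them. Either way, the thing to compare is DnsServers against what Comcast or the router is supposed to be handing out.
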
Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 10th January 2009, 3:32 am

I went into Network Connection Details. It says DHCP ENABLED: NO. I couldn't find it the way you told me. Does that work?

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 10th January 2009, 2:01 pm

Please download smitfraudfix from here:
[You must be registered and logged in to see this link.]

Disconnect from the internet, unplug your Ethernet cable/disconnect from your wireless connection.

Download the file, then right click > Run as administrator.
Allow the cmd window to load, press any key when asked and it will give you a menu of options. Choose option 5 (Clean DNS)
It will make a log when done, post the log here.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 12th January 2009, 2:16 am

SmitFraudFix v2.388

Scan done at 18:10:30.48, Sun 01/11/2009
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{f3190096-33e1-494f-8233-2fe9ece13e18}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{f3190096-33e1-494f-8233-2fe9ece13e18}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.67.220.220,208.67.222.222

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{f3190096-33e1-494f-8233-2fe9ece13e18}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{f3190096-33e1-494f-8233-2fe9ece13e18}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.67.220.220,208.67.222.222

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 12th January 2009, 2:25 am

Okay, I think my reg fix here is right.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    "DhcpNameServer"=-

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.



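The three fix.reg files in this thread and the look.bat export all work on the same four registry values by hand, and the first Malwarebytes log shows the same servers in ControlSet003 as well, which none of them touch. Below is an added example, written for this thread rather than posted by Belahzur or AARG12, that walks every ControlSet, reads both NameServer and DhcpNameServer for the global key and for every interface GUID, flags anything in a bad-server list, and can remove the flagged values and flush the resolver cache in one go. It assumes an elevated PowerShell 2.0 prompt; the bad-server list is built from the two addresses in the Malwarebytes log posted earlier (85.255.112.178 and 85.255.112.102) and is the part to extend. Windows resolves with NameServer when it is set and falls back to DhcpNameServer otherwise, and the DHCP client rewrites DhcpNameServer from the lease at boot and at every renewal, so a deletion that keeps coming back after a restart on a DHCP-configured adapter points at the DHCP server, normally the wireless router, rather than at a file on the disk.

```powershell
# Added example for this thread, not code posted by Belahzur or AARG12.
# Assumes PowerShell 2.0 (a separate download on Vista) in an elevated prompt.
# The bad-server list is constructed from the Malwarebytes log in this thread.
$BadDnsServers = @('85.255.112.178', '85.255.112.102')

function Get-TcpipDnsEntries {
    # CurrentControlSet is a link to one ControlSet00N; the others are the
    # LastKnownGood / older configurations that the fix.reg files skipped.
    $sets = @('CurrentControlSet')
    $sets += Get-ChildItem 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -like 'ControlSet0*' } |
        ForEach-Object { $_.PSChildName }

    foreach ($set in $sets) {
        $base = "HKLM:\SYSTEM\$set\Services\Tcpip\Parameters"
        if (-not (Test-Path $base)) { continue }

        # The global key plus one sub-key per interface {GUID}.
        $keys = @($base)
        foreach ($iface in (Get-ChildItem "$base\Interfaces" -ErrorAction SilentlyContinue)) {
            $keys += "$base\Interfaces\$($iface.PSChildName)"
        }

        foreach ($key in $keys) {
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if ($null -eq $props) { continue }
            foreach ($name in @('NameServer', 'DhcpNameServer')) {
                $value = $props.$name
                if ([string]::IsNullOrEmpty($value)) { continue }
                # Windows stores these as space- or comma-separated address lists.
                $servers = @($value -split '[ ,]+' | Where-Object { $_ })
                $rogue   = @($servers | Where-Object { $BadDnsServers -contains $_ })
                New-Object PSObject -Property @{
                    Key     = $key
                    Name    = $name
                    Servers = ($servers -join ' ')
                    Rogue   = ($rogue.Count -gt 0)
                }
            }
        }
    }
}

function Remove-RogueDnsEntries {
    param([switch]$ReportOnly)
    $hits = @(Get-TcpipDnsEntries | Where-Object { $_.Rogue })
    foreach ($hit in $hits) {
        Write-Host "$($hit.Key) : $($hit.Name) = $($hit.Servers)"
        if (-not $ReportOnly) {
            Remove-ItemProperty -Path $hit.Key -Name $hit.Name
        }
    }
    # Drop cached answers that were obtained through the rogue servers.
    if (-not $ReportOnly -and $hits.Count -gt 0) {
        ipconfig /flushdns | Out-Null
    }
    return $hits.Count
}

# Audit first; run Remove-RogueDnsEntries without -ReportOnly once the
# report shows only the entries you expect to lose.
Get-TcpipDnsEntries | Format-Table -AutoSize Key, Name, Servers, Rogue
Remove-RogueDnsEntries -ReportOnly
```

Run it once with -ReportOnly, then without, then `ipconfig /renew` and run the audit a third time. If the same servers reappear immediately and the disk scans stay clean, the lease is the source: log into the router, check the DNS servers configured on its WAN and LAN pages, and change its admin password, since the DNSChanger variants of that period rewrote those settings on home routers that still had the default credentials.
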
Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 12th January 2009, 4:54 am

Did it, restarted the computer, re-ran Malwarebytes:

Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 6.0.6000

1/11/2009 20:51:23
mbam-log-2009-01-11 (20-51-23).txt

Scan type: Quick Scan
Objects scanned: 49193
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The trojan or whatever it is is still there. I obviously deleted it, but I'm sure once I restart it will show up again, which is what happens all the time: it detects it, "deletes" it, then I'm prompted to restart, I do it, re-run it, and it appears there once again.

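The Malwarebytes entries above are the classic Trojan.DNSChanger symptom: the Tcpip\Parameters DhcpNameServer values (both the global one and the per-interface one, in two control sets) point at resolvers the machine should not be using, and they are back after every reboot, which is why the next reply asks for a deeper look at what else is on the drive. As an added example, not code from the thread, from Malwarebytes or from the forum's helpers, the Python below parses log lines in this format, cross-checks the summary count against the rows actually listed (a mismatch means a truncated paste), and reports any resolver that is not on an allow-list of the servers the host is expected to use. SAMPLE_LOG is constructed from the entries posted above and trimmed to two items; the allow-list address 192.168.1.1 is an assumed placeholder for the home router.

```python
"""Parse a Malwarebytes' Anti-Malware log and flag rogue DNS resolvers.

Added example for this thread: not Malwarebytes' code and not anything the
forum helpers posted. SAMPLE_LOG is constructed from the entries above and
trimmed to two registry items.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 6.0.6000

Scan type: Quick Scan
Registry Data Items Infected: 2
Files Infected: 0

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# Summary block: "<category> Infected: <count>"; section header: "<category> Infected:"
SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# Registry data row: "<key> (<detection>) -> Data: <value> -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<key>HK[A-Z_]+\\.+?) \((?P<detection>[^)]+)\) -> Data: (?P<data>.*?) -> (?P<action>.+?)\.?$"
)


@dataclass
class RegistryDataItem:
    key: str
    detection: str
    data: str
    action: str


@dataclass
class MbamReport:
    summary: Dict[str, int] = field(default_factory=dict)
    registry_data: List[RegistryDataItem] = field(default_factory=list)


def parse_mbam_log(text: str) -> MbamReport:
    """Walk the log once, collecting summary counts and registry-data rows."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report.summary[m.group("cat")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("cat")
            continue
        if section == "Registry Data Items Infected":
            m = ENTRY_RE.match(line)
            if m:
                report.registry_data.append(RegistryDataItem(**m.groupdict()))
    return report


def counts_consistent(report: MbamReport) -> bool:
    """The summary count should equal the rows listed; a mismatch means a truncated paste."""
    return report.summary.get("Registry Data Items Infected", 0) == len(report.registry_data)


def configured_resolvers(report: MbamReport) -> Set[str]:
    """Every DNS server IP found in flagged Tcpip\\Parameters ...NameServer values."""
    servers: Set[str] = set()
    for item in report.registry_data:
        if not item.key.lower().endswith("nameserver"):
            continue
        for token in item.data.split():
            try:
                servers.add(str(ipaddress.ip_address(token)))
            except ValueError:  # not an IP literal; skip it
                pass
    return servers


def unexpected_resolvers(report: MbamReport, expected: Iterable[str]) -> Set[str]:
    """Resolvers that are not on the allow-list of servers this host should use."""
    allowed = {str(ipaddress.ip_address(ip)) for ip in expected}
    return configured_resolvers(report) - allowed


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    # Assumed allow-list: the home router's LAN address (placeholder, not from the thread).
    print("summary matches rows:", counts_consistent(rep))
    print("rogue resolvers:", sorted(unexpected_resolvers(rep, {"192.168.1.1"})))
```

The allow-list approach is deliberate: a blocklist of the two addresses seen here would miss the next variant, whereas a host normally has a short, known set of legitimate resolvers, so anything else in these values is worth investigating regardless of whether a scanner names it.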

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 12th January 2009, 2:11 pm

We need to go deeper and find out if there's anything else on the drive to cause this.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you: one will pop up, called OTViewIt.txt; the other will be saved on your desktop, called Extras.txt. Just post OTViewIt.txt; I don't need to see Extras.txt
  • You may need to use more than one post to get it all on the forum



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 13th January 2009, 10:33 pm

OTViewIt logfile created on: 1/13/2009 14:24:19 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Angel\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.39% Memory free
4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.50% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.85 Gb Total Space | 203.52 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANGEL-PC
Current User Name: Angel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/02 01:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 01:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2009/01/09 22:41:31 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007/01/09 21:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
[2007/06/12 04:55:28 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
[2007/07/24 18:26:38 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
[2007/06/28 07:52:48 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
[2006/11/02 04:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006/11/02 01:46:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2007/08/01 09:54:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2007/06/28 07:53:00 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
[2007/06/28 07:53:02 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
[2007/07/24 18:26:38 | 00,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
[2007/06/29 04:56:56 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
[2007/06/29 04:57:23 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
[2006/11/02 01:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 01:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 01:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2006/11/02 01:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/06/15 12:45:20 | 00,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
[2007/05/31 08:32:14 | 00,551,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
[2007/06/14 07:40:46 | 00,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
[2007/06/29 04:56:25 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
[2007/06/29 04:57:23 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
[2007/06/29 04:56:56 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
[2008/12/15 22:03:30 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/01/09 21:59:52 | 00,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/06/08 04:35:43 | 00,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2009/01/09 22:39:24 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/06/08 04:35:39 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
[2007/06/08 04:35:43 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2008/12/15 20:44:02 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2006/11/02 01:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 04:34:43 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2006/11/02 04:34:44 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2006/11/02 01:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2006/11/02 01:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2009/01/13 14:23:52 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Downloads\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/01/09 21:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2007/01/09 21:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Running])
[2006/11/01 22:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/01/09 21:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2007/01/12 19:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006/11/02 04:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2009/01/09 23:10:44 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2006/11/02 04:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 04:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2006/11/02 04:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/11/02 01:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
[2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
[2007/01/09 21:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
[2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
[2006/12/14 01:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2006/11/02 05:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2006/11/02 04:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/12/14 00:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [Disabled | Stopped])
[2006/11/02 01:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2009/01/09 22:41:31 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 01:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2006/12/14 01:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2007/06/12 04:55:28 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe -- (STacSV [Auto | Running])
[2008/12/15 20:44:02 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
[2006/11/02 01:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])
[2007/06/28 07:53:04 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
[2007/07/24 18:26:38 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service [Auto | Running])
[2008/03/03 14:45:48 | 00,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr [On_Demand | Stopped])
[2007/07/05 16:43:04 | 00,079,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper [On_Demand | Stopped])
[2007/06/28 07:52:48 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw [On_Demand | Running])
[2006/11/02 01:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2007/06/28 07:53:00 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc [Auto | Running])
[2007/06/28 07:53:02 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw [Auto | Running])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/11/02 04:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/11/02 04:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2007/08/01 09:54:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])

========== Driver Services ==========


Last edited by AARG12 on 13th January 2009, 10:48 pm; edited 1 time in total

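The OTViewIt listing above (it continues in the following posts) is read by eye in this thread. As an added example, not OldTimer's code and not anything the helpers posted, the Python below parses rows in that format into structured records and applies three first-pass triage heuristics an analyst applies to such a listing: an empty publisher field like the two "()" rows above, executables living under a user profile, and services whose binary OTViewIt reported as "File not found". The sample rows are constructed from entries in the log and trimmed to six; none of the flags is evidence of infection by itself (OTViewIt.exe under Downloads is the helper's own tool, and unresolved services are usually svchost-hosted).

```python
"""Triage helpers for OTViewIt process/service listings.

Added example for this thread; not OldTimer's code and not anything the
forum helpers posted. SAMPLE_LOG is constructed from rows in the log above,
trimmed to a handful of representative entries.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

SAMPLE_LOG = r"""========== Processes ==========

[2006/11/02 01:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/12/15 20:44:02 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2009/01/13 14:23:52 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Downloads\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Running])
[2006/11/02 05:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# Trailing service descriptor: "(<name> [<start type> | <state>])"
SERVICE_TAIL = r"\((?P<service>[^\[]+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\)"
# "[<modified> | <size> | <attrs> | M] (<company>) -- <path>" with an optional service tail;
# directory rows carry no "(<company>)" field at all.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| [A-Z]\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)"
    r"(?: -- " + SERVICE_TAIL + r")?$"
)
NOTFOUND_RE = re.compile(r"^File not found -- -- " + SERVICE_TAIL + r"$")


@dataclass
class Entry:
    section: str
    path: Optional[str]        # None for "File not found" service rows
    modified: Optional[datetime]
    size: Optional[int]
    company: Optional[str]     # None: no "(...)" field on the row; "": the row shows "()"
    is_dir: bool
    service: Optional[str]
    start: Optional[str]
    state: Optional[str]


def parse_otviewit(text: str) -> List[Entry]:
    """Turn the listing into records, remembering which section each row came from."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = NOTFOUND_RE.match(line)
        if m:
            entries.append(Entry(section, None, None, None, None, False,
                                 m.group("service"), m.group("start"), m.group("state")))
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append(Entry(
                section,
                m.group("path"),
                datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
                int(m.group("size").replace(",", "")),
                m.group("company"),
                "D" in m.group("attr"),
                m.group("service"), m.group("start"), m.group("state"),
            ))
    return entries


# Path fragments that mark user-writable locations; a constructed list, extend as needed.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """First-pass review flags. None of them proves infection; they rank rows for a closer look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.path is None:
            findings.append((e.service or "?",
                             "service binary not resolved (often svchost-hosted; confirm its ServiceDll)"))
            continue
        if e.is_dir:
            continue
        if e.company == "":
            findings.append((e.path, "no publisher in version info"))
        if any(marker in e.path.lower() for marker in USER_WRITABLE):
            findings.append((e.path, "executable in a user-writable location"))
    return findings


if __name__ == "__main__":
    for where, reason in triage(parse_otviewit(SAMPLE_LOG)):
        print(f"{reason}: {where}")
```

Keeping the company field as None versus "" matters: OTViewIt omits the field for directories but prints an empty "()" when an executable has no version resource, and only the second case is a review signal.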

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 13th January 2009, 10:38 pm

Hello.
The log is huge; you may need to use a few posts to get it all.



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 13th January 2009, 10:51 pm

[2006/11/02 01:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 01:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 01:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 01:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 01:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 01:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 01:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 00:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 00:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2007/06/08 04:35:43 | 00,140,800 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2006/11/02 01:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 01:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2006/11/02 00:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 00:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 00:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 00:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 00:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 00:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 00:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2007/08/01 18:53:01 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2006/11/02 00:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 00:55:27 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2007/08/01 18:53:01 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2007/08/01 18:53:01 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Stopped])
[2007/07/05 13:59:44 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2007/07/05 13:59:44 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2006/11/02 00:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2009/01/09 22:43:33 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 01:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 01:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 00:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 00:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2007/06/27 18:29:58 | 00,010,216 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall [System | Running])
[2009/01/09 23:10:45 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/01 23:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 04:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2008/11/20 09:35:32 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2006/11/02 01:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/11/20 09:35:32 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2006/11/02 01:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 00:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 01:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/01 23:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2007/08/01 18:57:24 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 00:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 00:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 01:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/01 23:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
[2007/08/01 09:54:18 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/08/01 09:54:16 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2007/02/28 04:05:36 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Boot | Running])
[2008/12/05 00:59:00 | 00,270,384 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20090102.001\IDSvix86.sys -- (IDSvix86 [System | Running])
[2007/06/29 04:56:46 | 01,671,680 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx [On_Demand | Running])
[2006/11/02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/02 00:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 01:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 00:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2008/03/22 13:37:20 | 00,113,896 | ---- | M] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler [On_Demand | Running])
[2006/11/02 00:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 01:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 01:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 01:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 00:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2007/08/01 09:54:18 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/02 01:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2009/01/09 23:04:39 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 01:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2009/01/09 22:56:35 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2009/01/09 23:00:40 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2009/01/09 22:35:13 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 01:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 01:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006/11/02 01:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 01:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2009/01/09 22:51:43 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2008/11/20 09:35:32 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090112.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/11/20 09:35:32 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090112.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2007/06/30 03:04:02 | 02,222,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
[2006/11/02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 00:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/11/02 01:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 01:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 01:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 13th January 2009, 10:52 pm

[2009/01/09 23:10:45 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/01/09 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 01:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 04:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2007/06/27 04:13:22 | 00,075,008 | ---- | M] (Ricoh) -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86 [On_Demand | Running])
[2007/06/27 04:13:22 | 00,043,904 | ---- | M] (Ricoh) -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86 [On_Demand | Running])
[2006/11/02 01:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2007/04/17 20:09:28 | 00,011,032 | ---- | M] (InterVideo) -- C:\Windows\System32\drivers\regi.sys -- (regi [Auto | Running])
[2006/11/02 00:55:23 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2006/11/02 00:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 01:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/01 22:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2009/01/09 22:43:29 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2007/08/01 18:54:51 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2007/08/01 18:54:51 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2007/08/01 18:54:51 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 01:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 01:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 01:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 00:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2006/11/05 23:09:26 | 00,027,520 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC [On_Demand | Running])
[2007/04/05 05:06:32 | 00,031,104 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF [On_Demand | Running])
[2007/04/14 02:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2006/11/02 01:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2009/01/09 22:35:13 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2009/01/09 22:35:13 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/06/12 04:55:39 | 00,326,656 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
[2006/11/02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2007/01/09 14:32:14 | 00,012,984 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2009/01/05 18:18:12 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2007/01/09 14:32:14 | 00,145,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2007/01/09 14:32:14 | 00,040,120 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2007/01/09 14:32:14 | 00,038,200 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV [On_Demand | Running])
[2007/01/09 14:32:14 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2007/01/09 14:32:14 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2006/11/02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 00:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 00:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2007/06/05 04:17:29 | 00,812,544 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony [On_Demand | Running])
[2006/11/02 01:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Running])
[2009/01/09 22:56:34 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2009/01/09 22:56:34 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 01:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 01:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 01:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 01:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 00:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 00:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/12/14 20:50:28 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2006/11/02 00:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 00:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 01:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2006/11/02 01:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 01:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 01:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 00:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 01:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2009/01/09 22:43:30 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2007/05/24 16:36:21 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr [On_Demand | Stopped])
[2007/08/01 09:54:16 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2006/11/02 00:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006/11/02 00:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2007/08/01 09:54:20 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])
[2007/05/18 05:19:23 | 00,240,128 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Running])

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 13th January 2009, 10:52 pm

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (290752 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 008k.com
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 032439.com
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 1001namen.com
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 100888290cs.com
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 100sexlinks.com
127.0.0.1 [You must be registered and logged in to see this link.]
127.0.0.1 10sek.com
127.0.0.1 [You must be registered and logged in to see this link.]
10015 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} (HKLM) -- C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{90222687-F593-4738-B738-FBEE9C7B26DF}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\Windows\system32\igfxtray.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Persistence"=C:\Windows\system32\igfxpers.exe (Intel Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1 (Sony Electronics, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"DisableRegistryTools"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 13th January 2009, 10:54 pm

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{5C106A59-CC3C-4caa-81A4-6D909B5ACE23}: Menu: &KeyScrambler... -- %ProgramFiles%\KeyScrambler\KeyScramblerIE.dll [2008/06/01 23:24:58 | 00,808,936 | ---- | M] (QFX Software Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = [You must be registered and logged in to see this link.]
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_11
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_11
{D0C0F75C-683A-4390-A791-1ACFD5599AB8}: -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{FAECE2F7-4527-429B-AF36-B0C020A0926C} (Servers: | Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)
VESWinlogon: "DllName" = VESWinlogon.dll -- C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 01:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 01:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 13:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 13th January 2009, 10:55 pm

========== Files/Folders - Created Within 30 Days ==========

[2009/01/11 23:55:19 | 00,053,248 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2009/01/11 21:00:04 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/01/11 20:10:44 | 00,000,502 | ---- | C] () -- C:\Users\Angel\Desktop\fix.reg
[2009/01/11 18:11:48 | 00,000,691 | ---- | C] () -- C:\Users\Angel\AppData\Roaming\GetValue.vbs
[2009/01/11 18:11:48 | 00,000,035 | ---- | C] () -- C:\Users\Angel\AppData\Roaming\SetValue.bat
[2009/01/09 23:11:33 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/01/09 23:11:33 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2009/01/09 23:11:33 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2009/01/09 23:11:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/01/09 23:10:50 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/01/09 23:10:50 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2009/01/09 23:10:48 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2009/01/09 23:10:48 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2009/01/09 23:10:48 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2009/01/09 23:10:47 | 00,564,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/01/09 23:10:47 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2009/01/09 23:10:47 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2009/01/09 23:10:47 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2009/01/09 23:10:47 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/01/09 23:10:47 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2009/01/09 23:10:47 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2009/01/09 23:10:47 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2009/01/09 23:10:47 | 00,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2009/01/09 23:10:46 | 00,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll
[2009/01/09 23:10:46 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2009/01/09 23:10:45 | 00,694,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/01/09 23:10:45 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/01/09 23:10:45 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2009/01/09 23:10:45 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2009/01/09 23:10:45 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2009/01/09 23:10:44 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/01/09 23:10:44 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2009/01/09 23:10:44 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/01/09 23:10:02 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/01/09 23:10:02 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/01/09 23:10:02 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/01/09 23:09:25 | 00,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/01/09 23:09:23 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2009/01/09 23:09:22 | 00,258,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/01/09 23:09:22 | 00,020,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\compbatt.sys
[2009/01/09 23:09:21 | 00,028,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2009/01/09 23:09:21 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\CmBatt.sys
[2009/01/09 23:09:20 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/01/09 23:09:19 | 01,655,289 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/01/09 23:09:19 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/01/09 23:09:19 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/01/09 23:09:19 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/01/09 23:09:19 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/01/09 23:09:18 | 00,502,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/01/09 23:09:18 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/01/09 23:08:09 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/01/09 23:08:09 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/01/09 23:06:38 | 01,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/01/09 23:06:37 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/01/09 23:06:37 | 00,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/01/09 23:06:37 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/01/09 23:06:37 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/01/09 23:06:37 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/01/09 23:06:37 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2009/01/09 23:06:37 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/01/09 23:05:13 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/01/09 23:04:39 | 01,060,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/01/09 23:04:39 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2009/01/09 23:01:27 | 03,593,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/01/09 23:01:27 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/01/09 23:00:40 | 00,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/01/09 23:00:08 | 00,374,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/01/09 22:59:31 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/01/09 22:59:28 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/01/09 22:59:28 | 01,687,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 13th January 2009, 10:58 pm

[2009/01/09 22:58:50 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/01/09 22:58:18 | 02,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/01/09 22:57:47 | 01,194,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/01/09 22:57:47 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/01/09 22:57:10 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/01/09 22:57:09 | 10,617,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/01/09 22:57:09 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/01/09 22:57:08 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/01/09 22:57:08 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/01/09 22:57:08 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/01/09 22:56:35 | 00,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/01/09 22:56:35 | 00,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2009/01/09 22:56:35 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2009/01/09 22:56:34 | 00,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/01/09 22:56:34 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2009/01/09 22:56:34 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2009/01/09 22:56:34 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2009/01/09 22:56:34 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2009/01/09 22:56:34 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2009/01/09 22:56:05 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/01/09 22:55:32 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/01/09 22:54:14 | 11,315,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/01/09 22:51:45 | 00,021,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/01/09 22:51:44 | 00,211,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/01/09 22:51:44 | 00,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/01/09 22:51:44 | 00,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/01/09 22:51:44 | 00,017,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelide.sys
[2009/01/09 22:51:43 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/01/09 22:51:17 | 02,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/01/09 22:49:25 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/01/09 22:49:25 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/01/09 22:49:24 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/01/09 22:49:24 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/01/09 22:49:23 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/01/09 22:49:23 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/01/09 22:49:22 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/01/09 22:49:21 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/01/09 22:49:20 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/01/09 22:49:18 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/01/09 22:49:17 | 01,831,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/01/09 22:49:17 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/01/09 22:49:16 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/01/09 22:49:15 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/01/09 22:49:15 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/01/09 22:49:14 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/01/09 22:49:14 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/01/09 22:49:14 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/01/09 22:49:14 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/01/09 22:48:22 | 00,803,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/01/09 22:48:22 | 00,216,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/01/09 22:48:22 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/01/09 22:48:22 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe

AARG12
Intermediate

Posts : 65
Joined : 2008-12-31
Gender : Male
OS : Windows Vista
Points : 29000
# Likes : 0

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 13th January 2009, 10:58 pm

[2009/01/09 22:48:22 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/01/09 22:47:04 | 01,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2009/01/09 22:47:04 | 01,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2009/01/09 22:47:04 | 01,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2009/01/09 22:47:04 | 01,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2009/01/09 22:47:03 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2009/01/09 22:47:03 | 01,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2009/01/09 22:47:03 | 01,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2009/01/09 22:47:02 | 07,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2009/01/09 22:47:02 | 05,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2009/01/09 22:47:01 | 05,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2009/01/09 22:47:00 | 06,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2009/01/09 22:47:00 | 04,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2009/01/09 22:46:59 | 02,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2009/01/09 22:46:58 | 04,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2009/01/09 22:46:58 | 03,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2009/01/09 22:46:57 | 06,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2009/01/09 22:46:56 | 11,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2009/01/09 22:46:56 | 04,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2009/01/09 22:46:55 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/01/09 22:46:55 | 01,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2009/01/09 22:46:54 | 03,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2009/01/09 22:46:54 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/01/09 22:46:54 | 01,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2009/01/09 22:46:53 | 04,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2009/01/09 22:46:53 | 01,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2009/01/09 22:46:52 | 06,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2009/01/09 22:46:52 | 04,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2009/01/09 22:46:52 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2009/01/09 22:46:51 | 06,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2009/01/09 22:46:51 | 06,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2009/01/09 22:46:50 | 09,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2009/01/09 22:46:50 | 06,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2009/01/09 22:46:49 | 05,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2009/01/09 22:46:49 | 01,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2009/01/09 22:46:48 | 05,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2009/01/09 22:46:48 | 04,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2009/01/09 22:46:47 | 07,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2009/01/09 22:46:47 | 05,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2009/01/09 22:46:46 | 05,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2009/01/09 22:46:44 | 01,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2009/01/09 22:46:44 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2009/01/09 22:46:44 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2009/01/09 22:46:44 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2009/01/09 22:46:44 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2009/01/09 22:46:43 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2009/01/09 22:46:43 | 02,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2009/01/09 22:46:42 | 03,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2009/01/09 22:46:42 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2009/01/09 22:46:42 | 01,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2009/01/09 22:46:41 | 04,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2009/01/09 22:46:41 | 02,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2009/01/09 22:46:41 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2009/01/09 22:46:41 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2009/01/09 22:46:40 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2009/01/09 22:46:40 | 02,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2009/01/09 22:46:38 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2009/01/09 22:46:38 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2009/01/09 22:46:38 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2009/01/09 22:46:38 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2009/01/09 22:46:38 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2009/01/09 22:46:37 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2009/01/09 22:46:36 | 09,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2009/01/09 22:46:36 | 02,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2009/01/09 22:46:36 | 02,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2009/01/09 22:46:35 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2009/01/09 22:46:35 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2009/01/09 22:46:34 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2009/01/09 22:46:34 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2009/01/09 22:46:34 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 13th January 2009, 10:59 pm

[2009/01/09 22:46:34 | 00,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/01/09 22:46:33 | 06,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2009/01/09 22:46:32 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2009/01/09 22:44:00 | 01,585,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/01/09 22:43:34 | 00,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/01/09 22:43:34 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/01/09 22:43:34 | 00,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/01/09 22:43:34 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2009/01/09 22:43:34 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2009/01/09 22:43:34 | 00,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/01/09 22:43:34 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2009/01/09 22:43:33 | 00,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/01/09 22:43:33 | 00,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/01/09 22:43:33 | 00,224,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/01/09 22:43:33 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2009/01/09 22:43:32 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/01/09 22:43:32 | 00,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2009/01/09 22:43:32 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/01/09 22:43:32 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/01/09 22:43:32 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/01/09 22:43:32 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2009/01/09 22:43:31 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2009/01/09 22:43:31 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2009/01/09 22:43:31 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2009/01/09 22:43:31 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2009/01/09 22:43:30 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/01/09 22:43:30 | 00,495,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2009/01/09 22:43:30 | 00,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2009/01/09 22:43:30 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2009/01/09 22:43:30 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/01/09 22:43:29 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2009/01/09 22:43:29 | 00,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/01/09 22:43:29 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2009/01/09 22:43:29 | 00,034,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2009/01/09 22:43:29 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2009/01/09 22:42:05 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2009/01/09 22:42:05 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2009/01/09 22:42:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2009/01/09 22:41:52 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/01/09 22:41:34 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2009/01/09 22:41:34 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/01/09 22:41:34 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/01/09 22:41:33 | 00,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/01/09 22:41:33 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/01/09 22:41:33 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/01/09 22:41:32 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/01/09 22:41:31 | 02,605,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/01/09 22:41:31 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/01/09 22:41:08 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/01/09 22:41:08 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/01/09 22:41:07 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/01/09 22:40:04 | 00,269,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/01/09 22:40:04 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2009/01/09 22:40:03 | 00,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/01/09 22:40:01 | 01,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/01/09 22:40:01 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/01/09 22:40:01 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/01/09 22:40:01 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2009/01/09 22:40:00 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/01/09 22:40:00 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/01/09 22:40:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/01/09 22:40:00 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/01/09 22:39:59 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/01/09 22:39:59 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/01/09 22:39:59 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/01/09 22:39:57 | 08,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2009/01/09 22:39:40 | 00,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/01/09 22:39:40 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2009/01/09 22:39:32 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/01/09 22:39:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2009/01/09 22:39:23 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2009/01/09 22:39:07 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/01/09 22:39:07 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/01/09 22:39:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2009/01/09 22:35:25 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/01/09 22:35:25 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/01/09 22:35:25 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/01/09 22:35:25 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/01/09 22:35:25 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/01/09 22:35:24 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/01/09 22:35:24 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/01/09 22:35:23 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/01/09 22:35:13 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/01/09 22:35:13 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/01/09 22:35:13 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/01/09 22:35:13 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/01/09 22:35:07 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/01/09 22:35:03 | 00,788,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/01/09 22:34:16 | 00,737,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/01/09 22:34:16 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2009/01/09 22:34:04 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/01/09 22:33:43 | 01,327,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/01/09 22:32:45 | 03,505,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/01/09 22:32:44 | 03,470,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/01/09 22:32:22 | 01,341,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/01/09 22:32:22 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/01/09 22:31:40 | 00,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/01/07 20:11:47 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/01/07 20:11:47 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/01/07 20:11:47 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/01/07 20:11:47 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/01/07 20:11:18 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/01/07 20:11:18 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/01/07 20:11:17 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/01/07 20:10:47 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/01/07 20:10:47 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
