I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Wed Jan 07, 2009 11:47 pm

The screenshot is too small to see the CLSID.


  • Now open a new notepad file.
  • Input this into the notepad file:

    regedit /e peek1.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
    type peek1.txt >> look.txt
    del peek1.txt
    start notepad look.txt

  • Save this as look.bat, save it to your desktop.
  • Double click look.bat to run it.
  • Copy and paste the report back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Post by AARG12 on Thu Jan 08, 2009 12:40 am

I did that and the log/notepad came out blank, so there was nothing to post... I'm rerunning malware to see if they are still detecting it.

AARG12
Intermediate
Intermediate

Status :
Online
Offline

Posts : 65
Joined : 2008-12-31
Gender : Male
OS : Windows Vista


Post by Belahzur on Thu Jan 08, 2009 12:45 am

Okay, can you post the number here?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{this line of letters/numbers as in screenshot}



Post by AARG12 on Thu Jan 08, 2009 12:47 am

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.


Post by Belahzur on Thu Jan 08, 2009 12:58 am

Okay, let's see if this makes any difference.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.



Post by AARG12 on Thu Jan 08, 2009 3:32 am

I did that, it fixed it. I reran malware, didn't find it. Restarted comp and BAM! It was back hahaha... Do you think I should just take my comp to a professional? Do you recommend the people at Best Buy? Or Circuit City?


Post by Belahzur on Thu Jan 08, 2009 4:56 pm

Nah, we can find it using another tool, and it will clean the DNS hijack, but I need to know if your network IP is assigned by DHCP, or it's using a proxy server, because that will be removed also.



Post by AARG12 on Fri Jan 09, 2009 4:31 am

Umm, how do I find that out? Well, I have Comcast, and I am on a laptop using a wireless router.


Post by Belahzur on Fri Jan 09, 2009 4:59 pm

There should be a little icon down in your tray that looks like two computers, one behind the other.
Double click it to open it, click the "Support" tab, and it will say "Address type".

It should be "Assigned by DHCP"



Post by AARG12 on Sat Jan 10, 2009 3:32 am

I went into network connection details. It says DHCP ENABLED NO. I couldn't find it the way you told me... does that work?


Post by Belahzur on Sat Jan 10, 2009 2:01 pm

Please download SmitFraudFix from here:
[You must be registered and logged in to see this link.]

Disconnect from the internet, unplug your Ethernet cable/disconnect from your wireless connection.

Download the file, then right click > Run as administrator.
Allow the cmd window to load, press any key when asked and it will give you a menu of options. Choose option 5 (Clean DNS)
It will make a log when done, post the log here.



Post by AARG12 on Mon Jan 12, 2009 2:16 am

SmitFraudFix v2.388

Scan done at 18:10:30.48, Sun 01/11/2009
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{f3190096-33e1-494f-8233-2fe9ece13e18}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{f3190096-33e1-494f-8233-2fe9ece13e18}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.67.220.220,208.67.222.222

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{f3190096-33e1-494f-8233-2fe9ece13e18}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{f3190096-33e1-494f-8233-2fe9ece13e18}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.67.220.220,208.67.222.222


Post by Belahzur on Mon Jan 12, 2009 2:25 am

Okay, I think my reg fix here is right.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    "DhcpNameServer"=-

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.



Post by AARG12 on Mon Jan 12, 2009 4:54 am

Did it, restarted comp, reran malware:

Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 6.0.6000

1/11/2009 20:51:23
mbam-log-2009-01-11 (20-51-23).txt

Scan type: Quick Scan
Objects scanned: 49193
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The trojan or w/e it is still there... I obviously deleted it, but I'm sure once I restart it will show up again, which is what happens all the time. It detects it, "deletes" it, then I'm prompted to restart. I do it, rerun it, and it appears there once again.

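The symptom in this thread, a DhcpNameServer value that a scanner reports as deleted and that is flagged again on the next scan, can be tracked by comparing the logs mechanically. The Python below is an added example, not part of any post and not code from Malwarebytes or SmitFraudFix; it parses the two log-line formats posted above (the sample lines are copied from those posts) and reports the keys whose resolvers fall outside an allowlist in both scans. The allowlist (the two 208.67.x.x addresses seen in the SmitFraudFix log) and all function names are assumptions.

```python
import ipaddress
import re

# Malwarebytes "Registry Data Items Infected" line, as posted in this thread.
MBAM_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>\w+)\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}))?"
    r"\\(?P<name>\w+) \((?P<verdict>[^)]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+)$"
)
# SmitFraudFix "DNS Before/After Fix" line, as posted in this thread.
SFF_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]+\})|Parameters): (?P<name>\w+)=(?P<data>.*)$"
)

# Excerpts copied from the logs in the posts above.
MBAM_SCAN_1 = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
"""
MBAM_SCAN_2 = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
"""
SFF_LOG = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{f3190096-33e1-494f-8233-2fe9ece13e18}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.67.220.220,208.67.222.222
"""

# Assumption: the resolvers the owner expects to see on this machine.
ALLOWED = {"208.67.220.220", "208.67.222.222"}


def _control_set(name):
    """Expand SmitFraudFix's CCS / CS1 abbreviations to the full key names."""
    if name == "CCS":
        return "CurrentControlSet"
    m = re.fullmatch(r"CS(\d+)", name)
    return "ControlSet%03d" % int(m.group(1)) if m else name


def _addresses(data):
    """Split a space- or comma-separated value and keep only valid IPs."""
    found = []
    for token in re.split(r"[ ,]+", data.strip()):
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # empty or malformed token
    return found


def parse_log(text):
    """Return {(control set, interface GUID or '', value name): [resolver IPs]}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = MBAM_RE.match(line) or SFF_RE.match(line)
        if m:
            key = (_control_set(m["cs"]), m["iface"] or "", m["name"])
            entries[key] = _addresses(m["data"])
    return entries


def unexpected(entries, allowed):
    """Keep only the keys that hold a resolver outside the allowlist."""
    flagged = {}
    for key, addrs in entries.items():
        bad = [a for a in addrs if a not in allowed]
        if bad:
            flagged[key] = bad
    return flagged


def recurring(earlier, later, allowed):
    """Keys flagged in both scans, i.e. rewritten after the reported deletion."""
    return sorted(set(unexpected(earlier, allowed)) & set(unexpected(later, allowed)))


if __name__ == "__main__":
    first, second = parse_log(MBAM_SCAN_1), parse_log(MBAM_SCAN_2)
    for control_set, iface, name in recurring(first, second, ALLOWED):
        print("rewritten after deletion:", control_set, iface or "(global)", name)
```

DhcpNameServer is the value the Windows DHCP client fills in from its lease, so when a key recurs like this it is worth checking which DNS servers the DHCP server (here, the wireless router) hands out, not only the machine itself.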


Post by Belahzur on Mon Jan 12, 2009 2:11 pm

We need to go deeper and find out if there's anything else on the drive to cause this.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras.txt. Just post OTViewIt.txt, I don't need to see Extras.txt
  • You may need to use more than one post to get it all on the forum



Post by AARG12 on Tue Jan 13, 2009 10:33 pm

OTViewIt logfile created on: 1/13/2009 14:24:19 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Angel\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16764)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.39% Memory free
4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.50% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.85 Gb Total Space | 203.52 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANGEL-PC
Current User Name: Angel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

Last edited by AARG12 on Tue Jan 13, 2009 10:48 pm; edited 1 time in total


Post by Belahzur on Tue Jan 13, 2009 10:38 pm

Hello.
The log is huge, you may need to use a few posts to get it all.



Post by AARG12 on Tue Jan 13, 2009 10:51 pm

[2007/06/27 18:29:58 | 00,010,216 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall [System | Running])
[2009/01/09 23:10:45 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/01 23:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 04:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2008/11/20 09:35:32 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2006/11/02 01:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/11/20 09:35:32 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2006/11/02 01:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 00:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 01:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/01 23:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2007/08/01 18:57:24 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 00:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 00:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 01:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/01 23:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
[2007/08/01 09:54:18 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/08/01 09:54:16 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2007/02/28 04:05:36 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Boot | Running])
[2008/12/05 00:59:00 | 00,270,384 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20090102.001\IDSvix86.sys -- (IDSvix86 [System | Running])
[2007/06/29 04:56:46 | 01,671,680 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx [On_Demand | Running])
[2006/11/02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/02 00:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 01:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 00:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2008/03/22 13:37:20 | 00,113,896 | ---- | M] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler [On_Demand | Running])
[2006/11/02 00:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 01:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 01:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 01:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 00:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2007/08/01 09:54:18 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/02 01:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2009/01/09 23:04:39 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 01:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2009/01/09 22:56:35 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2009/01/09 23:00:40 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2009/01/09 22:35:13 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 01:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 01:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006/11/02 01:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 01:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2009/01/09 22:51:43 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2008/11/20 09:35:32 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090112.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/11/20 09:35:32 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090112.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2007/06/30 03:04:02 | 02,222,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
[2006/11/02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 00:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/11/02 01:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 01:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 01:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])


Post by AARG12 on Tue Jan 13, 2009 10:52 pm

[2009/01/09 23:10:45 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/01/09 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 01:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 04:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2007/06/27 04:13:22 | 00,075,008 | ---- | M] (Ricoh) -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86 [On_Demand | Running])
[2007/06/27 04:13:22 | 00,043,904 | ---- | M] (Ricoh) -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86 [On_Demand | Running])
[2006/11/02 01:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2007/04/17 20:09:28 | 00,011,032 | ---- | M] (InterVideo) -- C:\Windows\System32\drivers\regi.sys -- (regi [Auto | Running])
[2006/11/02 00:55:23 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2006/11/02 00:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 01:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/01 22:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2009/01/09 22:43:29 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2007/08/01 18:54:51 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2007/08/01 18:54:51 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2007/08/01 18:54:51 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 01:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 01:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 01:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 00:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2006/11/05 23:09:26 | 00,027,520 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC [On_Demand | Running])
[2007/04/05 05:06:32 | 00,031,104 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF [On_Demand | Running])
[2007/04/14 02:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2006/11/02 01:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2009/01/09 22:35:13 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2009/01/09 22:35:13 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/06/12 04:55:39 | 00,326,656 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
[2006/11/02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2007/01/09 14:32:14 | 00,012,984 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2009/01/05 18:18:12 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2007/01/09 14:32:14 | 00,145,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2007/01/09 14:32:14 | 00,040,120 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2007/01/09 14:32:14 | 00,038,200 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV [On_Demand | Running])
[2007/01/09 14:32:14 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2007/01/09 14:32:14 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2006/11/02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 00:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 00:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2007/06/05 04:17:29 | 00,812,544 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony [On_Demand | Running])
[2006/11/02 01:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Running])
[2009/01/09 22:56:34 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2009/01/09 22:56:34 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 01:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 01:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 01:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 01:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 00:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 00:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/12/14 20:50:28 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2006/11/02 00:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 00:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 01:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2006/11/02 01:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 01:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 01:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 00:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 01:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2009/01/09 22:43:30 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2007/05/24 16:36:21 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr [On_Demand | Stopped])
[2007/08/01 09:54:16 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2006/11/02 00:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006/11/02 00:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2007/08/01 09:54:20 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])
[2007/05/18 05:19:23 | 00,240,128 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Running])


Post by AARG12 on Tue Jan 13, 2009 10:52 pm

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (290752 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
10015 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} (HKLM) -- C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{90222687-F593-4738-B738-FBEE9C7B26DF}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\Windows\system32\igfxtray.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Persistence"=C:\Windows\system32\igfxpers.exe (Intel Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1 (Sony Electronics, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"DisableRegistryTools"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)


Post by AARG12 on Tue Jan 13, 2009 10:54 pm

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{5C106A59-CC3C-4caa-81A4-6D909B5ACE23}: Menu: &KeyScrambler... -- %ProgramFiles%\KeyScrambler\KeyScramblerIE.dll [2008/06/01 23:24:58 | 00,808,936 | ---- | M] (QFX Software Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = [You must be registered and logged in to see this link.]
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_11
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_11
{D0C0F75C-683A-4390-A791-1ACFD5599AB8}: -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{FAECE2F7-4527-429B-AF36-B0C020A0926C} (Servers: | Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)
VESWinlogon: "DllName" = VESWinlogon.dll -- C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 01:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 01:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 13:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 10:55 pm

========== Files/Folders - Created Within 30 Days ==========

[2009/01/11 23:55:19 | 00,053,248 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2009/01/11 21:00:04 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/01/11 20:10:44 | 00,000,502 | ---- | C] () -- C:\Users\Angel\Desktop\fix.reg
[2009/01/11 18:11:48 | 00,000,691 | ---- | C] () -- C:\Users\Angel\AppData\Roaming\GetValue.vbs
[2009/01/11 18:11:48 | 00,000,035 | ---- | C] () -- C:\Users\Angel\AppData\Roaming\SetValue.bat
[2009/01/09 23:11:33 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/01/09 23:11:33 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2009/01/09 23:11:33 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2009/01/09 23:11:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/01/09 23:10:50 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/01/09 23:10:50 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2009/01/09 23:10:48 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2009/01/09 23:10:48 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2009/01/09 23:10:48 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2009/01/09 23:10:47 | 00,564,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/01/09 23:10:47 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2009/01/09 23:10:47 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2009/01/09 23:10:47 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2009/01/09 23:10:47 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/01/09 23:10:47 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2009/01/09 23:10:47 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2009/01/09 23:10:47 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2009/01/09 23:10:47 | 00,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2009/01/09 23:10:46 | 00,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll
[2009/01/09 23:10:46 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2009/01/09 23:10:45 | 00,694,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/01/09 23:10:45 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/01/09 23:10:45 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2009/01/09 23:10:45 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2009/01/09 23:10:45 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2009/01/09 23:10:44 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/01/09 23:10:44 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2009/01/09 23:10:44 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/01/09 23:10:02 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/01/09 23:10:02 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/01/09 23:10:02 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/01/09 23:09:25 | 00,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/01/09 23:09:23 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2009/01/09 23:09:22 | 00,258,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/01/09 23:09:22 | 00,020,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\compbatt.sys
[2009/01/09 23:09:21 | 00,028,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2009/01/09 23:09:21 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\CmBatt.sys
[2009/01/09 23:09:20 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/01/09 23:09:19 | 01,655,289 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/01/09 23:09:19 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/01/09 23:09:19 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/01/09 23:09:19 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/01/09 23:09:19 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/01/09 23:09:18 | 00,502,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/01/09 23:09:18 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/01/09 23:08:09 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/01/09 23:08:09 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/01/09 23:06:38 | 01,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/01/09 23:06:37 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/01/09 23:06:37 | 00,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/01/09 23:06:37 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/01/09 23:06:37 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/01/09 23:06:37 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/01/09 23:06:37 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2009/01/09 23:06:37 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/01/09 23:05:13 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/01/09 23:04:39 | 01,060,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/01/09 23:04:39 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2009/01/09 23:01:27 | 03,593,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/01/09 23:01:27 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/01/09 23:00:40 | 00,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/01/09 23:00:08 | 00,374,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/01/09 22:59:31 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/01/09 22:59:28 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/01/09 22:59:28 | 01,687,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 10:58 pm

[2009/01/09 22:58:50 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/01/09 22:58:18 | 02,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/01/09 22:57:47 | 01,194,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/01/09 22:57:47 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/01/09 22:57:10 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/01/09 22:57:09 | 10,617,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/01/09 22:57:09 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/01/09 22:57:08 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/01/09 22:57:08 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/01/09 22:57:08 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/01/09 22:56:35 | 00,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/01/09 22:56:35 | 00,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2009/01/09 22:56:35 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2009/01/09 22:56:34 | 00,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/01/09 22:56:34 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2009/01/09 22:56:34 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2009/01/09 22:56:34 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2009/01/09 22:56:34 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2009/01/09 22:56:34 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2009/01/09 22:56:05 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/01/09 22:55:32 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/01/09 22:54:14 | 11,315,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/01/09 22:51:45 | 00,021,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/01/09 22:51:44 | 00,211,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/01/09 22:51:44 | 00,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/01/09 22:51:44 | 00,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/01/09 22:51:44 | 00,017,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelide.sys
[2009/01/09 22:51:43 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/01/09 22:51:17 | 02,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/01/09 22:49:25 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/01/09 22:49:25 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/01/09 22:49:24 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/01/09 22:49:24 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/01/09 22:49:23 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/01/09 22:49:23 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/01/09 22:49:22 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/01/09 22:49:21 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/01/09 22:49:20 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/01/09 22:49:18 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/01/09 22:49:17 | 01,831,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/01/09 22:49:17 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/01/09 22:49:16 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/01/09 22:49:15 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/01/09 22:49:15 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/01/09 22:49:14 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/01/09 22:49:14 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/01/09 22:49:14 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/01/09 22:49:14 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/01/09 22:48:22 | 00,803,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/01/09 22:48:22 | 00,216,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/01/09 22:48:22 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/01/09 22:48:22 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 10:58 pm

[2009/01/09 22:48:22 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/01/09 22:47:04 | 01,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2009/01/09 22:47:04 | 01,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2009/01/09 22:47:04 | 01,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2009/01/09 22:47:04 | 01,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2009/01/09 22:47:03 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2009/01/09 22:47:03 | 01,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2009/01/09 22:47:03 | 01,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2009/01/09 22:47:02 | 07,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2009/01/09 22:47:02 | 05,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2009/01/09 22:47:01 | 05,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2009/01/09 22:47:00 | 06,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2009/01/09 22:47:00 | 04,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2009/01/09 22:46:59 | 02,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2009/01/09 22:46:58 | 04,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2009/01/09 22:46:58 | 03,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2009/01/09 22:46:57 | 06,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2009/01/09 22:46:56 | 11,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2009/01/09 22:46:56 | 04,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2009/01/09 22:46:55 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/01/09 22:46:55 | 01,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2009/01/09 22:46:54 | 03,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2009/01/09 22:46:54 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/01/09 22:46:54 | 01,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2009/01/09 22:46:53 | 04,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2009/01/09 22:46:53 | 01,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2009/01/09 22:46:52 | 06,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2009/01/09 22:46:52 | 04,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2009/01/09 22:46:52 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2009/01/09 22:46:51 | 06,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2009/01/09 22:46:51 | 06,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2009/01/09 22:46:50 | 09,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2009/01/09 22:46:50 | 06,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2009/01/09 22:46:49 | 05,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2009/01/09 22:46:49 | 01,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2009/01/09 22:46:48 | 05,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2009/01/09 22:46:48 | 04,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2009/01/09 22:46:47 | 07,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2009/01/09 22:46:47 | 05,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2009/01/09 22:46:46 | 05,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2009/01/09 22:46:44 | 01,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2009/01/09 22:46:44 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2009/01/09 22:46:44 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2009/01/09 22:46:44 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2009/01/09 22:46:44 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2009/01/09 22:46:43 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2009/01/09 22:46:43 | 02,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2009/01/09 22:46:42 | 03,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2009/01/09 22:46:42 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2009/01/09 22:46:42 | 01,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2009/01/09 22:46:41 | 04,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2009/01/09 22:46:41 | 02,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2009/01/09 22:46:41 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2009/01/09 22:46:41 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2009/01/09 22:46:40 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2009/01/09 22:46:40 | 02,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2009/01/09 22:46:38 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2009/01/09 22:46:38 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2009/01/09 22:46:38 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2009/01/09 22:46:38 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2009/01/09 22:46:38 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2009/01/09 22:46:37 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2009/01/09 22:46:36 | 09,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2009/01/09 22:46:36 | 02,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2009/01/09 22:46:36 | 02,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2009/01/09 22:46:35 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2009/01/09 22:46:35 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2009/01/09 22:46:34 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2009/01/09 22:46:34 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2009/01/09 22:46:34 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 10:59 pm

[2009/01/09 22:46:34 | 00,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/01/09 22:46:33 | 06,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2009/01/09 22:46:32 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2009/01/09 22:44:00 | 01,585,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/01/09 22:43:34 | 00,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/01/09 22:43:34 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/01/09 22:43:34 | 00,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/01/09 22:43:34 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2009/01/09 22:43:34 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2009/01/09 22:43:34 | 00,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/01/09 22:43:34 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2009/01/09 22:43:33 | 00,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/01/09 22:43:33 | 00,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/01/09 22:43:33 | 00,224,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/01/09 22:43:33 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2009/01/09 22:43:32 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/01/09 22:43:32 | 00,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2009/01/09 22:43:32 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/01/09 22:43:32 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/01/09 22:43:32 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/01/09 22:43:32 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2009/01/09 22:43:31 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2009/01/09 22:43:31 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2009/01/09 22:43:31 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2009/01/09 22:43:31 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2009/01/09 22:43:30 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/01/09 22:43:30 | 00,495,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2009/01/09 22:43:30 | 00,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2009/01/09 22:43:30 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2009/01/09 22:43:30 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/01/09 22:43:29 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2009/01/09 22:43:29 | 00,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/01/09 22:43:29 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2009/01/09 22:43:29 | 00,034,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2009/01/09 22:43:29 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2009/01/09 22:42:05 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2009/01/09 22:42:05 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2009/01/09 22:42:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2009/01/09 22:41:52 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/01/09 22:41:34 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2009/01/09 22:41:34 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/01/09 22:41:34 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/01/09 22:41:33 | 00,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/01/09 22:41:33 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/01/09 22:41:33 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/01/09 22:41:32 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/01/09 22:41:31 | 02,605,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/01/09 22:41:31 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/01/09 22:41:08 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/01/09 22:41:08 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/01/09 22:41:07 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/01/09 22:40:04 | 00,269,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/01/09 22:40:04 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2009/01/09 22:40:03 | 00,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/01/09 22:40:01 | 01,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/01/09 22:40:01 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/01/09 22:40:01 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/01/09 22:40:01 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2009/01/09 22:40:00 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/01/09 22:40:00 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/01/09 22:40:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/01/09 22:40:00 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/01/09 22:39:59 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/01/09 22:39:59 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/01/09 22:39:59 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/01/09 22:39:57 | 08,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2009/01/09 22:39:40 | 00,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/01/09 22:39:40 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2009/01/09 22:39:32 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/01/09 22:39:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2009/01/09 22:39:23 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2009/01/09 22:39:07 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/01/09 22:39:07 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/01/09 22:39:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2009/01/09 22:35:25 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/01/09 22:35:25 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/01/09 22:35:25 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/01/09 22:35:25 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/01/09 22:35:25 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/01/09 22:35:24 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/01/09 22:35:24 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/01/09 22:35:23 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/01/09 22:35:13 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/01/09 22:35:13 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/01/09 22:35:13 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/01/09 22:35:13 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/01/09 22:35:07 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/01/09 22:35:03 | 00,788,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/01/09 22:34:16 | 00,737,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/01/09 22:34:16 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2009/01/09 22:34:04 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/01/09 22:33:43 | 01,327,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/01/09 22:32:45 | 03,505,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/01/09 22:32:44 | 03,470,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/01/09 22:32:22 | 01,341,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/01/09 22:32:22 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/01/09 22:31:40 | 00,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/01/07 20:11:47 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/01/07 20:11:47 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/01/07 20:11:47 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/01/07 20:11:47 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/01/07 20:11:18 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/01/07 20:11:18 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/01/07 20:11:17 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/01/07 20:10:47 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/01/07 20:10:47 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 11:01 pm

[2009/01/06 20:48:10 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Apple Computer
[2009/01/06 20:48:10 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Apple Computer
[2009/01/06 20:48:06 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/01/06 20:47:48 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/01/06 20:47:47 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/01/06 20:47:01 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/01/06 20:46:45 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/01/06 20:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/01/06 20:46:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/01/06 20:46:09 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Apple
[2009/01/06 20:46:04 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/01/06 20:45:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/01/06 20:45:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/01/06 20:14:16 | 00,000,000 | ---D | C] -- C:\Users\Angel\Documents\My Received Files
[2009/01/06 20:14:06 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2009/01/06 20:13:40 | 00,000,000 | ---D | C] -- C:\ProgramData\WLInstaller
[2009/01/06 20:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/01/05 23:52:46 | 00,004,608 | ---- | C] () -- C:\Users\Angel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/05 23:17:04 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe
[2009/01/05 22:17:26 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2009/01/05 21:53:58 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/01/05 21:32:33 | 00,001,874 | ---- | C] () -- C:\Users\Angel\Desktop\HijackThis.lnk
[2009/01/04 18:16:28 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/01/04 18:12:57 | 00,000,540 | ---- | C] () -- C:\Users\Angel\Desktop\ComboFix - Shortcut.lnk
[2009/01/02 16:31:13 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/01/02 16:26:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/01/02 16:26:41 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/01/02 16:26:41 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2009/01/02 16:26:41 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/01/02 16:26:41 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/01/02 16:26:41 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2009/01/02 16:26:41 | 00,028,672 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/01/02 16:26:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/01/02 16:26:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/01/02 16:26:34 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/01/02 16:26:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/02 15:43:49 | 00,731,136 | ---- | C] () -- C:\Users\Angel\Desktop\avenger.exe
[2009/01/01 21:26:47 | 00,001,085 | ---- | C] () -- C:\Users\Angel\Desktop\Spybot - Search & Destroy.lnk
[2009/01/01 21:15:59 | 00,113,896 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2009/01/01 21:15:59 | 00,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2009/01/01 19:56:33 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\InstallShield
[2009/01/01 19:50:28 | 00,000,000 | ---D | C] -- C:\Update
[2008/12/30 23:18:48 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/30 22:28:32 | 01,963,676 | -H-- | C] () -- C:\Users\Angel\AppData\Local\IconCache.db
[2008/12/30 21:45:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008/12/30 21:45:44 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/30 21:45:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/12/30 21:45:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/28 20:18:50 | 00,000,000 | ---D | C] -- C:\Users\Angel\Documents\Oberon Media
[2008/12/28 15:31:09 | 00,000,000 | ---D | C] -- C:\scscc20
[2008/12/26 16:19:53 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
[2008/12/23 23:14:57 | 21,374,48448 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/23 00:53:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2008/12/23 00:53:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/22 23:40:10 | 00,001,670 | ---- | C] () -- C:\Users\Angel\Desktop\CCleaner.lnk
[2008/12/22 23:40:09 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/22 23:39:02 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Malwarebytes
[2008/12/22 23:38:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008/12/22 23:19:05 | 00,000,000 | ---D | C] -- C:\Windows\Intuit
[2008/12/22 22:31:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/17 11:55:51 | 00,001,637 | ---- | C] () -- C:\Users\Angel\Desktop\Paint.lnk
[2008/12/15 21:29:08 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Symantec
[2008/12/15 21:13:10 | 00,023,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys
[2008/12/15 21:13:10 | 00,010,537 | ---- | C] () -- C:\Windows\System32\drivers\COH_Mon.cat
[2008/12/15 21:13:10 | 00,000,706 | ---- | C] () -- C:\Windows\System32\drivers\COH_Mon.inf
[2008/12/15 21:11:52 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Corel
[2008/12/15 21:01:01 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Adobe
[2008/12/15 21:01:01 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Adobe
[2008/12/15 20:50:54 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2008/12/15 20:46:07 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Mozilla
[2008/12/15 20:46:07 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Mozilla
[2008/12/15 20:45:54 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2008/12/15 20:45:44 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/15 20:45:08 | 00,186,256 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\SymNPPWA.dll
[2008/12/15 20:44:17 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2008/12/15 20:44:17 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/15 20:28:07 | 00,000,016 | ---- | C] () -- C:\Windows\System32\coh.cache
[2008/12/14 22:37:39 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\AOL
[2008/12/14 22:32:08 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Macromedia
[2008/12/14 22:31:59 | 00,072,632 | ---- | C] () -- C:\Users\Angel\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/14 22:31:41 | 00,000,432 | -HS- | C] () -- C:\Users\Angel\Desktop\desktop.ini
[2008/12/14 22:31:41 | 00,000,402 | -HS- | C] () -- C:\Users\Angel\Documents\desktop.ini
[2008/12/14 22:31:41 | 00,000,174 | -HS- | C] () -- C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/12/14 22:31:38 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Identities
[2008/12/14 22:31:35 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\VirtualStore
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\Documents\My Videos
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\Documents\My Pictures
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\Documents\My Music
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\AppData\Local\Temporary Internet Files
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\AppData\Local\History
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\AppData\Local\Application Data
[2008/12/14 22:28:40 | 00,000,000 | --SD | C] -- C:\Users\Angel\AppData\Roaming\Microsoft
[2008/12/14 22:28:40 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Media Center Programs
[2008/12/14 22:28:40 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Temp
[2008/12/14 22:28:40 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Microsoft
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings
[2008/12/14 21:18:41 | 00,000,040 | -H-- | C] () -- C:\Windows\System32\ivireg.ivr
[2008/12/14 21:08:55 | 00,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2008/12/14 21:06:54 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2008/12/14 21:06:39 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2008/12/14 21:06:39 | 00,010,635 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2008/12/14 21:06:39 | 00,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2008/12/14 21:05:56 | 00,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2008/12/14 21:05:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2008/12/14 21:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2008/12/14 21:05:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2008/12/14 20:55:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2008/12/14 20:55:16 | 00,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2008/12/14 20:54:33 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2008/12/14 20:54:33 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2008/12/14 20:54:32 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2008/12/14 20:54:32 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2008/12/14 20:54:31 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2008/12/14 20:54:31 | 00,068,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2008/12/14 20:54:31 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2008/12/14 20:54:30 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2008/12/14 20:54:30 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2008/12/14 20:54:30 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2008/12/14 20:54:29 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2008/12/14 20:54:29 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2008/12/14 20:54:28 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2008/12/14 20:54:16 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2008/12/14 20:54:14 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2008/12/14 20:54:14 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2008/12/14 20:54:13 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2008/12/14 20:54:12 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2008/12/14 20:54:11 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2008/12/14 20:54:10 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2008/12/14 20:54:10 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2008/12/14 20:54:08 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2008/12/14 20:50:28 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys
[2008/12/14 20:47:32 | 00,000,000 | RH-- | C] () -- C:\Windows\System32\drivers\Sony_VGN-FZ240E.mrk
[2008/12/14 20:46:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Corel
[2008/12/14 20:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2008/12/14 20:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2008/12/14 20:45:38 | 01,132,112 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2008/12/14 20:44:24 | 00,002,152 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2008/12/14 20:44:24 | 00,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2008/12/14 20:44:21 | 00,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2008/12/14 20:43:56 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2008/12/14 20:43:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 11:02 pm

[2008/12/14 20:43:02 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2008/12/14 20:43:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2008/12/14 20:41:46 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2008/12/14 20:41:13 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2008/12/14 20:38:41 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2008/12/14 20:37:10 | 00,000,067 | -H-- | C] () -- C:\kernel.pam
[2008/12/14 20:37:10 | 00,000,017 | -H-- | C] () -- C:\initrd.pam
[2008/12/14 20:37:10 | 00,000,000 | -H-D | C] -- C:\InstantON
[2008/12/14 20:32:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2008/12/14 20:32:46 | 01,933,312 | ---- | C] (Amyuni Technologies) -- C:\Windows\System32\cdintf251.dll
[2008/12/14 20:30:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2008/12/14 20:30:53 | 00,000,000 | ---D | C] -- C:\Program Files\Intuit
[2008/12/14 20:30:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2008/12/14 20:30:44 | 00,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2008/12/14 20:29:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2008/12/14 20:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2008/12/14 20:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\AOL
[2008/12/14 20:27:40 | 00,000,347 | -H-- | C] () -- C:\IPH.PH
[2008/12/14 20:27:24 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2008/12/14 20:26:19 | 00,140,914 | ---- | C] () -- C:\Windows\System32\drivers\SnyHDAN.cty
[2008/12/14 20:26:13 | 00,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2008/12/14 20:24:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2008/12/14 20:22:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2008/12/14 20:17:53 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2008/12/14 20:15:48 | 00,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2009/01/13 14:22:50 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/01/13 14:22:50 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/01/13 14:22:50 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/01/12 13:20:41 | 00,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/01/12 13:20:41 | 00,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/01/12 13:20:41 | 00,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/01/12 13:14:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/01/12 13:13:59 | 21,374,48448 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/12 01:17:40 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/01/12 01:17:17 | 01,963,676 | -H-- | M] () -- C:\Users\Angel\AppData\Local\IconCache.db
[2009/01/11 23:57:44 | 00,053,248 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2009/01/11 23:55:23 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/01/11 21:00:04 | 00,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/01/11 20:10:44 | 00,000,502 | ---- | M] () -- C:\Users\Angel\Desktop\fix.reg
[2009/01/11 18:11:48 | 00,000,691 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\GetValue.vbs
[2009/01/11 18:11:48 | 00,000,035 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\SetValue.bat
[2009/01/11 18:11:42 | 00,290,752 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/01/11 14:08:22 | 00,001,085 | ---- | M] () -- C:\Users\Angel\Desktop\Spybot - Search & Destroy.lnk
[2009/01/10 00:30:04 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2009/01/10 00:30:04 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2009/01/10 00:30:04 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/01/10 00:25:45 | 00,301,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/01/09 23:11:33 | 00,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/01/09 23:11:33 | 00,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2009/01/09 23:11:33 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2009/01/09 23:11:33 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/01/09 23:10:50 | 00,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/01/09 23:10:50 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2009/01/09 23:10:48 | 00,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2009/01/09 23:10:48 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2009/01/09 23:10:48 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2009/01/09 23:10:47 | 00,564,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/01/09 23:10:47 | 00,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2009/01/09 23:10:47 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2009/01/09 23:10:47 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2009/01/09 23:10:47 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/01/09 23:10:47 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2009/01/09 23:10:47 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2009/01/09 23:10:47 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2009/01/09 23:10:47 | 00,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2009/01/09 23:10:46 | 00,286,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll
[2009/01/09 23:10:46 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2009/01/09 23:10:45 | 00,694,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/01/09 23:10:45 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/01/09 23:10:45 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/01/09 23:10:45 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2009/01/09 23:10:45 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2009/01/09 23:10:45 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2009/01/09 23:10:44 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2009/01/09 23:10:44 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/01/09 23:10:02 | 00,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/01/09 23:10:02 | 00,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/01/09 23:10:02 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/01/09 23:09:25 | 00,704,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/01/09 23:09:23 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2009/01/09 23:09:22 | 00,258,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/01/09 23:09:22 | 00,020,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\compbatt.sys
[2009/01/09 23:09:21 | 00,028,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2009/01/09 23:09:21 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CmBatt.sys
[2009/01/09 23:09:20 | 00,542,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/01/09 23:09:19 | 01,655,289 | ---- | M] () -- C:\Windows\System32\wlan.tmf

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 11:02 pm

[2009/01/09 23:09:19 | 00,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/01/09 23:09:19 | 00,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/01/09 23:09:19 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/01/09 23:09:19 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/01/09 23:09:18 | 00,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/01/09 23:09:18 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/01/09 23:08:09 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/01/09 23:08:09 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/01/09 23:06:38 | 01,244,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/01/09 23:06:37 | 00,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/01/09 23:06:37 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/01/09 23:06:37 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/01/09 23:06:37 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/01/09 23:06:37 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/01/09 23:06:37 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2009/01/09 23:06:37 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/01/09 23:05:13 | 00,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/01/09 23:04:39 | 01,060,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/01/09 23:04:39 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2009/01/09 23:01:27 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/01/09 23:01:27 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/01/09 23:00:40 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/01/09 23:00:09 | 00,374,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/01/09 22:59:31 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/01/09 22:59:28 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/01/09 22:59:28 | 01,687,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/01/09 22:58:50 | 00,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/01/09 22:58:18 | 02,027,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/01/09 22:57:47 | 01,194,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/01/09 22:57:47 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/01/09 22:57:10 | 08,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/01/09 22:57:09 | 10,617,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/01/09 22:57:09 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/01/09 22:57:08 | 00,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/01/09 22:57:08 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/01/09 22:57:08 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/01/09 22:56:35 | 00,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/01/09 22:56:35 | 00,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2009/01/09 22:56:35 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2009/01/09 22:56:34 | 00,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/01/09 22:56:34 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2009/01/09 22:56:34 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2009/01/09 22:56:34 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2009/01/09 22:56:34 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2009/01/09 22:56:34 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2009/01/09 22:56:05 | 00,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/01/09 22:55:32 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/01/09 22:54:15 | 11,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/01/09 22:51:45 | 00,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/01/09 22:51:44 | 00,211,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/01/09 22:51:44 | 00,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/01/09 22:51:44 | 00,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/01/09 22:51:44 | 00,017,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelide.sys
[2009/01/09 22:51:43 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/01/09 22:51:17 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/01/09 22:49:25 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/01/09 22:49:25 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/01/09 22:49:24 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/01/09 22:49:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/01/09 22:49:23 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/01/09 22:49:23 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/01/09 22:49:22 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/01/09 22:49:22 | 00,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/01/09 22:49:20 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/01/09 22:49:18 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/01/09 22:49:17 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/01/09 22:49:17 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/01/09 22:49:16 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/01/09 22:49:15 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/01/09 22:49:15 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/01/09 22:49:14 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/01/09 22:49:14 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/01/09 22:49:14 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/01/09 22:49:14 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/01/09 22:48:22 | 00,803,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/01/09 22:48:22 | 00,216,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/01/09 22:48:22 | 00,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/01/09 22:48:22 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2009/01/09 22:48:22 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe

Post by AARG12 on Tue Jan 13, 2009 11:03 pm

[2009/01/09 22:47:04 | 01,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2009/01/09 22:47:04 | 01,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2009/01/09 22:47:04 | 01,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2009/01/09 22:47:04 | 01,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2009/01/09 22:47:04 | 01,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2009/01/09 22:47:03 | 05,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2009/01/09 22:47:03 | 02,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2009/01/09 22:47:03 | 01,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2009/01/09 22:47:02 | 07,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2009/01/09 22:47:01 | 06,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2009/01/09 22:47:01 | 05,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2009/01/09 22:47:00 | 04,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2009/01/09 22:46:59 | 04,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2009/01/09 22:46:59 | 02,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2009/01/09 22:46:58 | 06,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2009/01/09 22:46:58 | 03,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2009/01/09 22:46:57 | 11,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2009/01/09 22:46:56 | 04,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2009/01/09 22:46:55 | 12,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/01/09 22:46:55 | 02,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/01/09 22:46:55 | 01,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2009/01/09 22:46:54 | 04,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2009/01/09 22:46:54 | 03,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2009/01/09 22:46:54 | 01,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2009/01/09 22:46:53 | 04,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2009/01/09 22:46:53 | 01,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2009/01/09 22:46:52 | 06,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2009/01/09 22:46:52 | 06,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2009/01/09 22:46:52 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2009/01/09 22:46:51 | 09,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2009/01/09 22:46:51 | 06,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2009/01/09 22:46:50 | 06,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2009/01/09 22:46:50 | 01,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2009/01/09 22:46:49 | 05,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2009/01/09 22:46:48 | 05,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2009/01/09 22:46:48 | 04,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2009/01/09 22:46:47 | 07,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2009/01/09 22:46:47 | 05,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2009/01/09 22:46:47 | 05,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2009/01/09 22:46:44 | 01,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2009/01/09 22:46:44 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2009/01/09 22:46:44 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2009/01/09 22:46:44 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2009/01/09 22:46:44 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2009/01/09 22:46:43 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2009/01/09 22:46:43 | 02,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2009/01/09 22:46:42 | 04,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2009/01/09 22:46:42 | 03,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2009/01/09 22:46:42 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2009/01/09 22:46:42 | 01,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2009/01/09 22:46:41 | 02,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2009/01/09 22:46:41 | 02,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2009/01/09 22:46:41 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2009/01/09 22:46:41 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2009/01/09 22:46:40 | 04,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2009/01/09 22:46:40 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2009/01/09 22:46:38 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2009/01/09 22:46:38 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2009/01/09 22:46:38 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2009/01/09 22:46:38 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2009/01/09 22:46:37 | 09,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2009/01/09 22:46:37 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2009/01/09 22:46:36 | 02,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2009/01/09 22:46:36 | 02,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2009/01/09 22:46:35 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2009/01/09 22:46:35 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2009/01/09 22:46:35 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2009/01/09 22:46:34 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2009/01/09 22:46:34 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2009/01/09 22:46:34 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/01/09 22:46:33 | 06,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2009/01/09 22:46:33 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2009/01/09 22:44:00 | 01,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/01/09 22:43:36 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2009/01/09 22:43:36 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2009/01/09 22:43:36 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2009/01/09 22:43:36 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2009/01/09 22:43:36 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2009/01/09 22:43:36 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2009/01/09 22:43:34 | 00,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/01/09 22:43:34 | 00,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/01/09 22:43:34 | 00,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/01/09 22:43:34 | 00,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2009/01/09 22:43:34 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2009/01/09 22:43:34 | 00,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/01/09 22:43:34 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2009/01/09 22:43:33 | 00,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe

Post by AARG12 on Tue Jan 13, 2009 11:04 pm

[2009/01/09 22:43:33 | 00,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/01/09 22:43:33 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/01/09 22:43:33 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/01/09 22:43:33 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2009/01/09 22:43:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/01/09 22:43:32 | 00,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2009/01/09 22:43:32 | 00,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/01/09 22:43:32 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/01/09 22:43:32 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2009/01/09 22:43:31 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2009/01/09 22:43:31 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2009/01/09 22:43:31 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2009/01/09 22:43:31 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2009/01/09 22:43:30 | 00,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/01/09 22:43:30 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2009/01/09 22:43:30 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2009/01/09 22:43:30 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2009/01/09 22:43:30 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2009/01/09 22:43:30 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/01/09 22:43:29 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2009/01/09 22:43:29 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/01/09 22:43:29 | 00,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2009/01/09 22:43:29 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2009/01/09 22:42:05 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2009/01/09 22:42:05 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2009/01/09 22:42:05 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2009/01/09 22:41:52 | 00,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/01/09 22:41:34 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2009/01/09 22:41:34 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/01/09 22:41:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/01/09 22:41:33 | 00,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/01/09 22:41:33 | 00,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/01/09 22:41:33 | 00,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/01/09 22:41:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/01/09 22:41:31 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/01/09 22:41:31 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/01/09 22:41:08 | 00,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/01/09 22:41:08 | 00,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/01/09 22:41:07 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/01/09 22:40:04 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/01/09 22:40:04 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2009/01/09 22:40:03 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/01/09 22:40:02 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2009/01/09 22:40:01 | 01,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/01/09 22:40:01 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/01/09 22:40:01 | 00,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/01/09 22:40:00 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/01/09 22:40:00 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/01/09 22:40:00 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/01/09 22:40:00 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/01/09 22:39:59 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/01/09 22:39:59 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/01/09 22:39:59 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/01/09 22:39:57 | 08,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2009/01/09 22:39:40 | 00,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/01/09 22:39:40 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2009/01/09 22:39:32 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/01/09 22:39:32 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2009/01/09 22:39:23 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2009/01/09 22:39:07 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/01/09 22:39:07 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/01/09 22:39:07 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2009/01/09 22:35:25 | 02,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/01/09 22:35:25 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/01/09 22:35:25 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/01/09 22:35:25 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/01/09 22:35:25 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/01/09 22:35:24 | 00,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/01/09 22:35:24 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/01/09 22:35:23 | 02,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/01/09 22:35:13 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/01/09 22:35:13 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/01/09 22:35:13 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/01/09 22:35:13 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/01/09 22:35:07 | 00,148,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/01/09 22:35:03 | 00,788,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll

Post by AARG12 on Tue Jan 13, 2009 11:04 pm

[2009/01/09 22:34:16 | 00,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/01/09 22:34:16 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2009/01/09 22:34:04 | 01,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/01/09 22:33:43 | 01,327,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/01/09 22:32:45 | 03,505,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/01/09 22:32:44 | 03,470,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/01/09 22:32:22 | 01,341,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/01/09 22:32:22 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/01/09 22:31:41 | 00,750,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/01/09 22:27:46 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/01/07 20:11:47 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/01/07 20:11:47 | 01,524,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/01/07 20:11:47 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/01/07 20:11:47 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/01/07 20:11:18 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/01/07 20:11:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/01/07 20:11:18 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/01/07 20:10:47 | 00,162,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/01/07 20:10:47 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/01/06 20:48:06 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/01/06 20:46:45 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/01/05 23:52:48 | 00,004,608 | ---- | M] () -- C:\Users\Angel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/05 21:32:33 | 00,001,874 | ---- | M] () -- C:\Users\Angel\Desktop\HijackThis.lnk
[2009/01/05 18:18:12 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/01/05 18:18:12 | 00,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/01/05 18:18:12 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/01/04 18:12:59 | 00,000,540 | ---- | M] () -- C:\Users\Angel\Desktop\ComboFix - Shortcut.lnk
[2009/01/02 15:43:49 | 00,731,136 | ---- | M] () -- C:\Users\Angel\Desktop\avenger.exe
[2008/12/30 23:20:10 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2008/12/30 21:45:44 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/22 23:40:10 | 00,001,670 | ---- | M] () -- C:\Users\Angel\Desktop\CCleaner.lnk
[2008/12/22 23:26:37 | 00,072,632 | ---- | M] () -- C:\Users\Angel\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/17 11:55:51 | 00,001,637 | ---- | M] () -- C:\Users\Angel\Desktop\Paint.lnk
[2008/12/17 11:55:51 | 00,000,432 | -HS- | M] () -- C:\Users\Angel\Desktop\desktop.ini
[2008/12/15 20:28:10 | 00,000,016 | ---- | M] () -- C:\Windows\System32\coh.cache
[2008/12/14 22:31:41 | 00,000,402 | -HS- | M] () -- C:\Users\Angel\Documents\desktop.ini
[2008/12/14 22:31:41 | 00,000,174 | -HS- | M] () -- C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/12/14 21:19:11 | 00,000,000 | RH-- | M] () -- C:\Windows\System32\drivers\Sony_VGN-FZ240E.mrk
[2008/12/14 21:18:43 | 00,000,040 | -H-- | M] () -- C:\Windows\System32\ivireg.ivr
[2008/12/14 21:08:55 | 00,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2008/12/14 20:50:28 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys
[2008/12/14 20:46:12 | 01,132,112 | ---- | M] () -- C:\ProgramData\pswi_preloaded.exe
[2008/12/14 20:44:24 | 00,002,152 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2008/12/14 20:27:44 | 00,000,347 | -H-- | M] () -- C:\IPH.PH
[2008/12/14 20:26:13 | 00,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
< End of report >

Post by AARG12 on Tue Jan 13, 2009 11:04 pm

jajaj ok finally that's it

Post by Belahzur on Tue Jan 13, 2009 11:13 pm

Let's try this.
If you still have Combofix, please delete it and download from the link we used before.
DO NOT run it yet.

Now open a new notepad file.
Input this into the notepad file:

    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
    "DhcpNameServer"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again. Agree to its terms and allow it to run; it may want to reboot after it's done. Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


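An added example, not part of the original post or of ComboFix: a Python check that reads the text `regedit /e` writes for the Tcpip key, lists every control set and interface that still carries a `DhcpNameServer` or `NameServer` value outside an expected resolver list, and builds the matching deletion stanza in the format of the post above. The sample export, interface GUIDs, addresses and function names are constructed for illustration; `regedit /e` normally writes UTF-16, so decode the file before passing its text in.

```python
import re

# Constructed sample in the text format that `regedit /e` produces.
# GUIDs and addresses are placeholders (documentation ranges), not data from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"Hostname"="example-pc"
"DhcpNameServer"="203.0.113.10 203.0.113.11"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
"EnableDHCP"=dword:00000001
"DhcpNameServer"="203.0.113.10 203.0.113.11"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000002}]
"EnableDHCP"=dword:00000001
"DhcpNameServer"="192.0.2.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
"DhcpNameServer"="203.0.113.10 203.0.113.11"
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# Tcpip\Parameters itself or one interface subkey, in CurrentControlSet or any ControlSetNNN.
TCPIP_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})'
    r'\\Services\\Tcpip\\Parameters(\\Interfaces\\\{[0-9A-Fa-f-]{36}\})?$',
    re.IGNORECASE,
)


def parse_dns_values(export_text, names=("DhcpNameServer", "NameServer")):
    """Return (key, value_name, [servers]) for each DNS value under a Tcpip key."""
    wanted = {n.lower() for n in names}
    findings, key = [], None
    for raw in export_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Track only keys of interest; anything else resets the context.
            key = m.group("key") if TCPIP_RE.match(m.group("key")) else None
            continue
        if line.startswith("["):
            key = None  # e.g. a [-KEY] deletion header
            continue
        m = VALUE_RE.match(line)
        if key and m and m.group("name").lower() in wanted:
            # The value is a string holding a space- or comma-separated list.
            servers = [s for s in re.split(r"[ ,]+", m.group("data")) if s]
            findings.append((key, m.group("name"), servers))
    return findings


def unexpected(findings, expected_resolvers):
    """Keep findings that name at least one resolver outside the expected set."""
    expected = set(expected_resolvers)
    return [(k, n, s) for k, n, s in findings if any(x not in expected for x in s)]


def build_cfscript(flagged):
    """Render the flagged values as a deletion stanza in the post's format."""
    lines = ["Registry::"]
    for key, name, _servers in flagged:
        lines.append(f"[{key}]")
        lines.append(f'"{name}"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumption: 192.0.2.1 stands in for the resolver the router really hands out.
    flagged = unexpected(parse_dns_values(SAMPLE_EXPORT), {"192.0.2.1"})
    for key, name, servers in flagged:
        print(f"{name} = {' '.join(servers)}\n  in {key}")
    print()
    print(build_cfscript(flagged))
```

Comparing the flagged list against every `ControlSetNNN` in the export shows whether a stale value survives in a control set the current boot is not using, which is why the script in the post repeats the deletion for each one.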

Post by AARG12 on Wed Jan 14, 2009 6:06 am

ComboFix 09-01-13.03 - Angel 2009-01-13 21:53:28.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1027 [GMT -8:00]
Running from: c:\users\Angel\Downloads\ComboFix.exe
Command switches used :: c:\users\Angel\Desktop\CFscript.txt
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Agent.OMZ.Fix.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-11 21:00 . 2009-01-11 21:00 268,800 --a------ c:\windows\System32\es.dll
2009-01-11 18:11 . 2009-01-11 18:11 691 --a------ c:\users\Angel\AppData\Roaming\GetValue.vbs
2009-01-11 18:11 . 2009-01-11 18:11 35 --a------ c:\users\Angel\AppData\Roaming\SetValue.bat
2009-01-09 23:11 . 2009-01-09 23:11 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-01-09 23:11 . 2009-01-09 23:11 272,896 --a------ c:\windows\System32\polstore.dll
2009-01-09 23:11 . 2009-01-09 23:11 61,440 --a------ c:\windows\System32\winipsec.dll
2009-01-09 23:11 . 2009-01-09 23:11 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2009-01-09 23:09 . 2009-01-09 23:09 1,655,289 --a------ c:\windows\System32\wlan.tmf
2009-01-09 23:08 . 2009-01-09 23:08 194,560 --a------ c:\windows\System32\WebClnt.dll
2009-01-09 23:08 . 2009-01-09 23:08 110,080 --a------ c:\windows\System32\drivers\mrxdav.sys
2009-01-09 23:06 . 2009-01-09 23:06 1,244,672 --a------ c:\windows\System32\mcmde.dll
2009-01-09 23:06 . 2009-01-09 23:06 428,032 --a------ c:\windows\System32\EncDec.dll
2009-01-09 23:06 . 2009-01-09 23:06 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-01-09 23:06 . 2009-01-09 23:06 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-01-09 23:06 . 2009-01-09 23:06 177,152 --a------ c:\windows\System32\mpg2splt.ax
2009-01-09 23:06 . 2009-01-09 23:06 80,896 --a------ c:\windows\System32\MSNP.ax
2009-01-09 23:06 . 2009-01-09 23:06 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-01-09 23:06 . 2009-01-09 23:06 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-01-09 23:05 . 2009-01-09 23:05 297,472 --a------ c:\windows\System32\gdi32.dll
2009-01-09 23:04 . 2009-01-09 23:04 1,060,920 --a------ c:\windows\System32\drivers\ntfs.sys
2009-01-09 23:04 . 2009-01-09 23:04 41,984 --a------ c:\windows\System32\drivers\monitor.sys
2009-01-09 23:01 . 2009-01-09 23:01 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-09 23:00 . 2009-01-09 23:00 374,456 --a------ c:\windows\System32\mcupdate_GenuineIntel.dll
2009-01-09 23:00 . 2009-01-09 23:00 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-01-09 22:59 . 2009-01-09 22:59 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-09 22:59 . 2009-01-09 22:59 1,687,040 --a------ c:\windows\System32\gameux.dll
2009-01-09 22:59 . 2009-01-09 22:59 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-01-09 22:58 . 2009-01-09 22:58 2,027,520 --a------ c:\windows\System32\win32k.sys
2009-01-09 22:58 . 2009-01-09 22:58 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-01-09 22:57 . 2009-01-09 22:57 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-01-09 22:57 . 2009-01-09 22:57 1,194,496 --a------ c:\windows\System32\msxml3.dll
2009-01-09 22:57 . 2009-01-09 22:57 356,864 --a------ c:\windows\System32\MediaMetadataHandler.dll
2009-01-09 22:57 . 2009-01-09 22:57 7,680 --a------ c:\windows\System32\spwmp.dll
2009-01-09 22:57 . 2009-01-09 22:57 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-01-09 22:57 . 2009-01-09 22:57 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-01-09 22:57 . 2009-01-09 22:57 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-01-09 22:56 . 2009-01-09 22:56 396,800 --a------ c:\windows\System32\MPSSVC.dll
2009-01-09 22:56 . 2009-01-09 22:56 392,192 --a------ c:\windows\System32\FirewallAPI.dll
2009-01-09 22:56 . 2009-01-09 22:56 178,688 --a------ c:\windows\System32\iphlpsvc.dll
2009-01-09 22:56 . 2009-01-09 22:56 86,016 --a------ c:\windows\System32\icfupgd.dll
2009-01-09 22:56 . 2009-01-09 22:56 63,488 --a------ c:\windows\System32\drivers\mpsdrv.sys
2009-01-09 22:56 . 2009-01-09 22:56 61,952 --a------ c:\windows\System32\cmifw.dll
2009-01-09 22:56 . 2009-01-09 22:56 23,040 --a------ c:\windows\System32\drivers\tunnel.sys
2009-01-09 22:56 . 2009-01-09 22:56 16,896 --a------ c:\windows\System32\wfapigp.dll
2009-01-09 22:56 . 2009-01-09 22:56 15,360 --a------ c:\windows\System32\drivers\TUNMP.SYS
2009-01-09 22:55 . 2009-01-09 22:55 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-09 22:51 . 2009-01-09 22:51 2,923,520 --a------ c:\windows\explorer.exe
2009-01-09 22:51 . 2009-01-09 22:51 211,000 --a------ c:\windows\System32\drivers\volsnap.sys
2009-01-09 22:51 . 2009-01-09 22:51 154,624 --a------ c:\windows\System32\drivers\nwifi.sys
2009-01-09 22:51 . 2009-01-09 22:51 109,624 --a------ c:\windows\System32\drivers\ataport.sys
2009-01-09 22:51 . 2009-01-09 22:51 45,112 --a------ c:\windows\System32\drivers\pciidex.sys
2009-01-09 22:51 . 2009-01-09 22:51 21,560 --a------ c:\windows\System32\drivers\atapi.sys
2009-01-09 22:51 . 2009-01-09 22:51 17,464 --a------ c:\windows\System32\drivers\intelide.sys
2009-01-09 22:48 . 2009-01-09 22:48 803,328 --a------ c:\windows\System32\drivers\tcpip.sys
2009-01-09 22:48 . 2009-01-09 22:48 216,632 --a------ c:\windows\System32\drivers\netio.sys
2009-01-09 22:48 . 2009-01-09 22:48 167,424 --a------ c:\windows\System32\tcpipcfg.dll
2009-01-09 22:48 . 2009-01-09 22:48 24,064 --a------ c:\windows\System32\netcfg.exe
2009-01-09 22:48 . 2009-01-09 22:48 22,016 --a------ c:\windows\System32\netiougc.exe
2009-01-09 22:47 . 2009-01-09 22:47 7,964,672 --a------ c:\windows\System32\NlsLexicons0024.dll
2009-01-09 22:47 . 2009-01-09 22:47 6,224,896 --a------ c:\windows\System32\NlsLexicons0027.dll
2009-01-09 22:47 . 2009-01-09 22:47 5,791,232 --a------ c:\windows\System32\NlsLexicons0026.dll
2009-01-09 22:47 . 2009-01-09 22:47 5,499,904 --a------ c:\windows\System32\NlsLexicons0022.dll
2009-01-09 22:47 . 2009-01-09 22:47 4,175,872 --a------ c:\windows\System32\NlsLexicons0010.dll
2009-01-09 22:47 . 2009-01-09 22:47 2,136,064 --a------ c:\windows\System32\NlsLexicons0021.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,808,896 --a------ c:\windows\System32\NlsLexicons0046.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,793,536 --a------ c:\windows\System32\NlsLexicons0045.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,782,272 --a------ c:\windows\System32\NlsLexicons0039.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,558,016 --a------ c:\windows\System32\NlsLexicons0049.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,411,072 --a------ c:\windows\System32\NlsLexicons0047.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,236,992 --a------ c:\windows\System32\NlsLexicons0020.dll
2009-01-09 22:44 . 2009-01-09 22:44 1,585,664 --a------ c:\windows\System32\setupapi.dll
2009-01-09 22:42 . 2009-01-09 22:42 223,232 --a------ c:\windows\System32\WMASF.DLL
2009-01-09 22:42 . 2009-01-09 22:42 9,728 --a------ c:\windows\System32\LAPRXY.DLL
2009-01-09 22:42 . 2009-01-09 22:42 2,048 --a------ c:\windows\System32\asferror.dll
2009-01-09 22:40 . 2009-01-09 22:40 1,984,512 --a------ c:\windows\System32\authui.dll
2009-01-09 22:40 . 2009-01-09 22:40 269,824 --a------ c:\windows\System32\schannel.dll
2009-01-09 22:40 . 2009-01-09 22:40 220,160 --a------ c:\windows\System32\ntprint.dll
2009-01-09 22:40 . 2009-01-09 22:40 123,904 --a------ c:\windows\System32\msvfw32.dll
2009-01-09 22:40 . 2009-01-09 22:40 120,320 --a------ c:\windows\System32\dhcpcsvc6.dll
2009-01-09 22:40 . 2009-01-09 22:40 88,576 --a------ c:\windows\System32\avifil32.dll
2009-01-09 22:40 . 2009-01-09 22:40 82,944 --a------ c:\windows\System32\mciavi32.dll
2009-01-09 22:40 . 2009-01-09 22:40 65,024 --a------ c:\windows\System32\avicap32.dll
2009-01-09 22:40 . 2009-01-09 22:40 61,440 --a------ c:\windows\System32\ntprint.exe
2009-01-09 22:40 . 2009-01-09 22:40 10,240 --a------ c:\windows\System32\dhcpcmonitor.dll
2009-01-09 22:39 . 2009-01-09 22:39 8,138,240 --a------ c:\windows\System32\ssBranded.scr
2009-01-09 22:39 . 2009-01-09 22:39 441,856 --a------ c:\windows\System32\win32spl.dll
2009-01-09 22:39 . 2009-01-09 22:39 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-01-09 22:39 . 2009-01-09 22:39 83,968 --a------ c:\windows\System32\dnsrslvr.dll
2009-01-09 22:39 . 2009-01-09 22:39 69,632 --a------ c:\windows\System32\sendmail.dll
2009-01-09 22:39 . 2009-01-09 22:39 37,376 --a------ c:\windows\System32\printcom.dll
2009-01-09 22:39 . 2009-01-09 22:39 31,232 --a------ c:\windows\System32\msvidc32.dll
2009-01-09 22:39 . 2009-01-09 22:39 24,576 --a------ c:\windows\System32\dnscacheugc.exe
2009-01-09 22:39 . 2009-01-09 22:39 14,848 --a------ c:\windows\System32\wshrm.dll
2009-01-09 22:39 . 2009-01-09 22:39 12,800 --a------ c:\windows\System32\msrle32.dll
2009-01-09 22:39 . 2009-01-09 22:39 11,776 --a------ c:\windows\System32\sbunattend.exe
2009-01-09 22:34 . 2009-01-09 22:34 1,645,568 --a------ c:\windows\System32\connect.dll
2009-01-09 22:34 . 2009-01-09 22:34 737,792 --a------ c:\windows\System32\inetcomm.dll
2009-01-09 22:34 . 2009-01-09 22:34 84,480 --a------ c:\windows\System32\INETRES.dll
2009-01-09 22:33 . 2009-01-09 22:33 1,327,104 --a------ c:\windows\System32\quartz.dll
2009-01-09 22:32 . 2009-01-09 22:32 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe
2009-01-09 22:32 . 2009-01-09 22:32 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe
2009-01-09 22:32 . 2009-01-09 22:32 1,341,440 --a------ c:\windows\System32\msxml6.dll
2009-01-09 22:32 . 2009-01-09 22:32 2,048 --a------ c:\windows\System32\msxml6r.dll
2009-01-09 22:31 . 2009-01-09 22:31 750,080 --a------ c:\windows\System32\qmgr.dll
2009-01-07 20:11 . 2009-01-07 20:11 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-01-07 20:11 . 2009-01-07 20:11 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-01-07 20:11 . 2009-01-07 20:11 561,688 --a------ c:\windows\System32\wuapi.dll
2009-01-07 20:11 . 2009-01-07 20:11 83,456 --a------ c:\windows\System32\wudriver.dll
2009-01-07 20:11 . 2009-01-07 20:11 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-01-07 20:11 . 2009-01-07 20:11 43,544 --a------ c:\windows\System32\wups2.dll
2009-01-07 20:11 . 2009-01-07 20:11 34,328 --a------ c:\windows\System32\wups.dll
2009-01-07 20:10 . 2009-01-07 20:10 162,064 --a------ c:\windows\System32\wuwebv.dll
2009-01-07 20:10 . 2009-01-07 20:10 31,232 --a------ c:\windows\System32\wuapp.exe
2009-01-06 20:48 . 2009-01-06 20:48 d-------- c:\users\Angel\AppData\Roaming\Apple Computer
2009-01-06 20:47 . 2009-01-06 20:48 d-------- c:\program files\iTunes
2009-01-06 20:47 . 2009-01-06 20:47 d-------- c:\program files\iPod
2009-01-06 20:47 . 2009-01-06 20:47 d-------- c:\program files\Bonjour
2009-01-06 20:46 . 2009-01-06 20:47 d-------- c:\users\All Users\Apple Computer
2009-01-06 20:46 . 2009-01-06 20:47 d-------- c:\programdata\Apple Computer
2009-01-06 20:46 . 2009-01-06 20:46 d-------- c:\program files\QuickTime
2009-01-06 20:46 . 2009-01-06 20:46 d-------- c:\program files\Apple Software Update
2009-01-06 20:45 . 2009-01-06 20:45 d-------- c:\users\All Users\Apple
2009-01-06 20:45 . 2009-01-06 20:45 d-------- c:\programdata\Apple
2009-01-06 20:45 . 2009-01-06 20:47 d-------- c:\program files\Common Files\Apple
2009-01-06 20:14 . 2009-01-06 20:14 d--hsc--- c:\program files\Common Files\WindowsLiveInstaller


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Wed Jan 14, 2009 6:06 am

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 08:30 174 --sha-w c:\program files\desktop.ini
2009-01-10 08:23 --------- d-----w c:\program files\Windows Sidebar
2009-01-10 08:23 --------- d-----w c:\program files\Windows Mail
2009-01-10 08:23 --------- d-----w c:\program files\Windows Calendar
2009-01-10 08:21 --------- d-----w c:\program files\Apoint
2009-01-10 07:09 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2009-01-10 07:09 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2009-01-10 07:09 542,720 ----a-w c:\windows\System32\sysmain.dll
2009-01-10 07:09 502,784 ----a-w c:\windows\System32\wlansvc.dll
2009-01-10 07:09 47,104 ----a-w c:\windows\System32\wlanapi.dll
2009-01-10 07:09 297,984 ----a-w c:\windows\System32\wlansec.dll
2009-01-10 07:09 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2009-01-10 07:09 28,344 ----a-w c:\windows\system32\drivers\battc.sys
2009-01-10 07:09 258,232 ----a-w c:\windows\system32\drivers\acpi.sys
2009-01-10 07:09 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2009-01-10 07:09 20,920 ----a-w c:\windows\system32\drivers\compbatt.sys
2009-01-10 07:09 14,208 ----a-w c:\windows\system32\drivers\CmBatt.sys
2009-01-10 06:59 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-10 06:59 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-10 06:59 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-10 06:59 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-10 06:59 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-10 06:59 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-10 06:49 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-10 06:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-10 06:49 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-10 06:43 944,184 ----a-w c:\windows\System32\winload.exe
2009-01-10 06:41 712,192 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-10 06:41 57,856 ----a-w c:\windows\System32\SLUINotify.dll
2009-01-10 06:41 566,784 ----a-w c:\windows\System32\SLCommDlg.dll
2009-01-10 06:41 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-10 06:41 39,936 ----a-w c:\windows\System32\slcinst.dll
2009-01-10 06:41 351,232 ----a-w c:\windows\System32\SLUI.exe
2009-01-10 06:41 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-10 06:41 33,280 ----a-w c:\windows\System32\slwmi.dll
2009-01-10 06:41 290,304 ----a-w c:\windows\system32\drivers\srv.sys
2009-01-10 06:41 268,288 ----a-w c:\windows\System32\mcbuilder.exe
2009-01-10 06:41 223,232 ----a-w c:\windows\System32\SLC.dll
2009-01-10 06:41 2,605,568 ----a-w c:\windows\System32\SLsvc.exe
2009-01-10 06:41 186,368 ----a-w c:\windows\System32\SLLUA.exe
2009-01-02 03:58 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-02 03:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 03:57 --------- d-----w c:\program files\Sony
2009-01-02 03:56 --------- d-----w c:\programdata\Sony Corporation
2008-12-16 06:03 --------- d-----w c:\program files\Java
2008-12-15 06:24 --------- d-sh--w c:\programdata\Templates
2008-12-15 06:24 --------- d-sh--w c:\programdata\Start Menu
2008-12-15 06:24 --------- d-sh--w c:\programdata\Favorites
2008-12-15 06:24 --------- d-sh--w c:\programdata\Documents
2008-12-15 06:24 --------- d-sh--w c:\programdata\Desktop
2008-12-15 06:24 --------- d-sh--w c:\programdata\Application Data
2008-12-15 04:38 --------- d-----w c:\program files\Common Files\InstallShield
.

((((((((((((((((((((((((((((( snapshot_2009-01-11_23.55.50.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-14 05:52:57 6,189,056 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2000-08-31 16:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 16:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2009-01-12 07:01:32 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-12 21:14:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-12 07:01:32 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-12 21:14:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-12 07:02:12 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-12 21:15:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-01-12 07:02:17 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-12 21:15:37 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-01-12 07:02:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-14 03:30:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-12 07:02:52 147,456 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 03:30:51 163,840 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-12 07:02:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-14 03:30:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-06 05:22:11 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-14 05:53:02 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2009-01-12 07:08:05 107,714 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-12 21:20:41 107,714 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-12 07:08:05 626,976 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-12 21:20:41 626,976 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-12 07:00:44 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-01-14 02:03:48 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-01-12 07:03:21 5,966 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
+ 2009-01-12 21:16:04 6,018 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
- 2009-01-12 07:03:21 67,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-12 21:16:04 67,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-12 07:03:20 34,156 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-12 21:16:03 34,220 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-14 02:04:09 91,249 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-09 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1980A3A3-72DB-4E3F-9F05-2191AA5DB79A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0816D0DF-B54B-4F22-AD54-EF92FB51704A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{00D323C8-E223-4115-B226-39A64557D821}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{516FF797-A0CA-43D6-A288-6A38B1835483}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F67C3699-D469-4522-851C-F156159CCFE6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D2100068-A81F-4DFA-A023-89A8E6C91F13}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AE100143-A4AF-4F19-A255-1F87AACED5C4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BC772F8E-19BD-44C7-9AE8-77DBB2AEC02E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090102.001\IDSvix86.sys [2009-01-09 270384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-15 99376]
R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [2009-01-01 113896]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-08-01 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-08-01 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [2007-08-01 31104]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-01-09 38200]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-08-01 812544]
R4 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-01 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-01 79736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-01-13 21:55:38
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-13 21:57:49
ComboFix-quarantined-files.txt 2009-01-14 05:57:47
ComboFix2.txt 2009-01-12 07:57:41
ComboFix3.txt 2009-01-06 05:25:56
ComboFix4.txt 2009-01-05 02:16:28
ComboFix5.txt 2009-01-14 05:51:34

Pre-Run: 218,168,745,984 bytes free
Post-Run: 218,141,712,384 bytes free

333 --- E O F --- 2009-01-12 06:35:31


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Wed Jan 14, 2009 2:07 pm

Hmmm.
I wonder if that did it.
Still having problems?



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Wed Jan 14, 2009 8:34 pm

I still cannot update, but now Spybot only finds two trojans instead of four, and malware sometimes finds two, sometimes it doesn't, instead of the six or four it used to. But when I do erase them without restarting I can do updates, but once I restart it's back to the same. I think that it has to do with my internet connection, because when that's restarted too the viruses come back.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Wed Jan 14, 2009 8:48 pm

Okay, do this:
Do a spybot scan, remove everything it found.

DO NOT reboot yet.
Press Start > Run
Type in:
cmd
Press enter
Type in:
ipconfig /release
Press enter. (your net connection will die for now, but this next command fixes it)
Then type in:
ipconfig /renew
Press enter.
Then type in:
ipconfig /flushdns

Then close the command prompt.
Reboot now.
Does Spybot still find anything now?



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Fri Jan 16, 2009 2:22 am

when i do the ipconfig /release it says the required operation requires elevation


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Fri Jan 16, 2009 4:51 pm

Darn Vista.
Press Start > All Programs > Accessories > Command Prompt > right click > "Run as administrator"



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Sat Jan 17, 2009 12:30 am

it says this when i try:

windows ip configuration
no operation can be performed on Local Area Connection while it has its media disconnected


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Sat Jan 17, 2009 12:54 am

I'm gonna get in touch with my colleagues and see if we can come up with anything.
While I'm doing that, you said after that CF run, the number of stuff that Spybot found has dropped, can you post a log of what Spybot is still finding?



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Sun Jan 18, 2009 4:02 am

Sorry idk how to find the log for the findings!! can you help me?


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Sun Jan 18, 2009 4:54 am

This is all i can find :
Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 6.0.6000

1/17/2009 20:53:47
mbam-log-2009-01-17 (20-53-47).txt

Scan type: Quick Scan
Objects scanned: 49053
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Sun Jan 18, 2009 1:20 pm

Okay, we'll use combofix again.
Delete combofix you have and download a new copy.

Now open a new notepad file.
Input this into the notepad file:

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
"DhcpNameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
"DhcpNameServer"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.


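The Malwarebytes findings and the CFScript above both concern DhcpNameServer values under Tcpip\Parameters. The following is an added example, not part of the original posts and not ComboFix or Malwarebytes code: it parses a regedit export and lists every DNS server address outside a trusted range, in every control set present in the export. The sample export, the 192.168.0.0/16 trusted range and all function names are assumptions made for the illustration.

```python
"""Audit DNS server values in a regedit export of ...\\Services\\Tcpip\\Parameters."""
import ipaddress
import re

# Addresses the Malwarebytes log in this thread reported as Trojan.DNSChanger data.
REPORTED_DNS = {"85.255.112.178", "85.255.112.102"}
# Registry values that hold resolver addresses (static and DHCP-assigned).
DNS_VALUE_NAMES = {"nameserver", "dhcpnameserver"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# Matches the global key and per-interface keys in any control set.
TCPIP_RE = re.compile(
    r"\\SYSTEM\\(?P<cs>CurrentControlSet|ControlSet\d{3})\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<iface>\{[0-9a-fA-F-]+\}))?$",
    re.IGNORECASE,
)

# Constructed sample export. The ControlSet003 entries mirror the two findings
# in the Malwarebytes log; the ControlSet001 interface is invented.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
"DhcpNameServer"="85.255.112.178 85.255.112.102"
"Hostname"="example-pc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
"DhcpNameServer"="85.255.112.178 85.255.112.102"
"NameServer"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
"DhcpNameServer"="192.168.1.1"
"NameServer"="192.168.1.1,203.0.113.53"
'''


def load_export(path):
    """Read a .reg file; regedit's version 5 exports are UTF-16 with a BOM."""
    with open(path, "rb") as handle:
        raw = handle.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_reg_export(text):
    """Yield (key, value_name, data) for each string value in the export."""
    key = None
    for raw_line in text.splitlines():
        line = raw_line.lstrip("\ufeff").strip()
        match = KEY_RE.match(line)
        if match:
            key = match.group("key")
            continue
        match = VALUE_RE.match(line)
        if match and key:
            yield key, match.group("name"), match.group("data")


def split_servers(data):
    """DhcpNameServer is space separated; NameServer may also use commas."""
    return [part for part in re.split(r"[ ,]+", data.strip()) if part]


def classify(addr, trusted_nets):
    """Return 'reported', 'invalid', 'trusted' or 'review' for one address."""
    if addr in REPORTED_DNS:
        return "reported"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if any(ip in net for net in trusted_nets):
        return "trusted"
    return "review"


def audit(text, trusted=("192.168.0.0/16",)):
    """List (control_set, interface, value, address, verdict) for untrusted resolvers."""
    nets = [ipaddress.ip_network(net) for net in trusted]
    findings = []
    for key, name, data in parse_reg_export(text):
        where = TCPIP_RE.search(key)
        if not where or name.lower() not in DNS_VALUE_NAMES:
            continue
        for addr in split_servers(data):
            verdict = classify(addr, nets)
            if verdict != "trusted":
                findings.append(
                    (where.group("cs"), where.group("iface"), name, addr, verdict)
                )
    return findings


if __name__ == "__main__":
    for control_set, iface, name, addr, verdict in audit(SAMPLE_EXPORT):
        print(f"{verdict:8} {addr:16} {name:15} {control_set} {iface or '(global)'}")
```

To check a real machine, export the whole Tcpip\Parameters key rather than only CurrentControlSet\...\Interfaces, then pass `load_export(path)` to `audit` with the trusted range set to the local router's network.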

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:14 pm

ComboFix 09-01-19.01 - Angel 2009-01-19 11:03:27.7 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1143 [GMT -8:00]
Running from: c:\users\Angel\Downloads\ComboFix.exe
Command switches used :: c:\users\Angel\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *enabled*
* Created a new restore point
.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:16 pm

((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-16 22:54 . 2009-01-16 22:54 d-------- c:\program files\Microsoft Silverlight
2009-01-13 18:04 . 2008-12-15 19:14 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-01-11 21:00 . 2009-01-11 21:00 268,800 --a------ c:\windows\System32\es.dll
2009-01-11 18:11 . 2009-01-11 18:11 691 --a------ c:\users\Angel\AppData\Roaming\GetValue.vbs
2009-01-11 18:11 . 2009-01-11 18:11 35 --a------ c:\users\Angel\AppData\Roaming\SetValue.bat
2009-01-09 23:11 . 2009-01-09 23:11 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-01-09 23:11 . 2009-01-09 23:11 272,896 --a------ c:\windows\System32\polstore.dll
2009-01-09 23:11 . 2009-01-09 23:11 61,440 --a------ c:\windows\System32\winipsec.dll
2009-01-09 23:11 . 2009-01-09 23:11 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2009-01-09 23:09 . 2009-01-09 23:09 1,655,289 --a------ c:\windows\System32\wlan.tmf
2009-01-09 23:08 . 2009-01-09 23:08 194,560 --a------ c:\windows\System32\WebClnt.dll
2009-01-09 23:08 . 2009-01-09 23:08 110,080 --a------ c:\windows\System32\drivers\mrxdav.sys
2009-01-09 23:06 . 2009-01-09 23:06 1,244,672 --a------ c:\windows\System32\mcmde.dll
2009-01-09 23:06 . 2009-01-09 23:06 428,032 --a------ c:\windows\System32\EncDec.dll
2009-01-09 23:06 . 2009-01-09 23:06 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-01-09 23:06 . 2009-01-09 23:06 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-01-09 23:06 . 2009-01-09 23:06 177,152 --a------ c:\windows\System32\mpg2splt.ax
2009-01-09 23:06 . 2009-01-09 23:06 80,896 --a------ c:\windows\System32\MSNP.ax
2009-01-09 23:06 . 2009-01-09 23:06 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-01-09 23:06 . 2009-01-09 23:06 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-01-09 23:05 . 2009-01-09 23:05 297,472 --a------ c:\windows\System32\gdi32.dll
2009-01-09 23:04 . 2009-01-09 23:04 1,060,920 --a------ c:\windows\System32\drivers\ntfs.sys
2009-01-09 23:04 . 2009-01-09 23:04 41,984 --a------ c:\windows\System32\drivers\monitor.sys
2009-01-09 23:01 . 2009-01-09 23:01 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-09 23:00 . 2009-01-09 23:00 374,456 --a------ c:\windows\System32\mcupdate_GenuineIntel.dll
2009-01-09 23:00 . 2009-01-09 23:00 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-01-09 22:59 . 2009-01-09 22:59 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-09 22:59 . 2009-01-09 22:59 1,687,040 --a------ c:\windows\System32\gameux.dll
2009-01-09 22:59 . 2009-01-09 22:59 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-01-09 22:58 . 2009-01-09 22:58 2,027,520 --a------ c:\windows\System32\win32k.sys
2009-01-09 22:58 . 2009-01-09 22:58 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-01-09 22:57 . 2009-01-09 22:57 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-01-09 22:57 . 2009-01-09 22:57 1,194,496 --a------ c:\windows\System32\msxml3.dll
2009-01-09 22:57 . 2009-01-09 22:57 356,864 --a------ c:\windows\System32\MediaMetadataHandler.dll
2009-01-09 22:57 . 2009-01-09 22:57 7,680 --a------ c:\windows\System32\spwmp.dll
2009-01-09 22:57 . 2009-01-09 22:57 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-01-09 22:57 . 2009-01-09 22:57 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-01-09 22:57 . 2009-01-09 22:57 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-01-09 22:56 . 2009-01-09 22:56 396,800 --a------ c:\windows\System32\MPSSVC.dll
2009-01-09 22:56 . 2009-01-09 22:56 392,192 --a------ c:\windows\System32\FirewallAPI.dll
2009-01-09 22:56 . 2009-01-09 22:56 178,688 --a------ c:\windows\System32\iphlpsvc.dll
2009-01-09 22:56 . 2009-01-09 22:56 86,016 --a------ c:\windows\System32\icfupgd.dll
2009-01-09 22:56 . 2009-01-09 22:56 63,488 --a------ c:\windows\System32\drivers\mpsdrv.sys
2009-01-09 22:56 . 2009-01-09 22:56 61,952 --a------ c:\windows\System32\cmifw.dll
2009-01-09 22:56 . 2009-01-09 22:56 23,040 --a------ c:\windows\System32\drivers\tunnel.sys
2009-01-09 22:56 . 2009-01-09 22:56 16,896 --a------ c:\windows\System32\wfapigp.dll
2009-01-09 22:56 . 2009-01-09 22:56 15,360 --a------ c:\windows\System32\drivers\TUNMP.SYS
2009-01-09 22:55 . 2009-01-09 22:55 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-09 22:51 . 2009-01-09 22:51 2,923,520 --a------ c:\windows\explorer.exe
2009-01-09 22:51 . 2009-01-09 22:51 211,000 --a------ c:\windows\System32\drivers\volsnap.sys
2009-01-09 22:51 . 2009-01-09 22:51 154,624 --a------ c:\windows\System32\drivers\nwifi.sys
2009-01-09 22:51 . 2009-01-09 22:51 109,624 --a------ c:\windows\System32\drivers\ataport.sys
2009-01-09 22:51 . 2009-01-09 22:51 45,112 --a------ c:\windows\System32\drivers\pciidex.sys
2009-01-09 22:51 . 2009-01-09 22:51 21,560 --a------ c:\windows\System32\drivers\atapi.sys
2009-01-09 22:51 . 2009-01-09 22:51 17,464 --a------ c:\windows\System32\drivers\intelide.sys
2009-01-09 22:48 . 2009-01-09 22:48 803,328 --a------ c:\windows\System32\drivers\tcpip.sys
2009-01-09 22:48 . 2009-01-09 22:48 216,632 --a------ c:\windows\System32\drivers\netio.sys
2009-01-09 22:48 . 2009-01-09 22:48 167,424 --a------ c:\windows\System32\tcpipcfg.dll
2009-01-09 22:48 . 2009-01-09 22:48 24,064 --a------ c:\windows\System32\netcfg.exe
2009-01-09 22:48 . 2009-01-09 22:48 22,016 --a------ c:\windows\System32\netiougc.exe
2009-01-09 22:47 . 2009-01-09 22:47 7,964,672 --a------ c:\windows\System32\NlsLexicons0024.dll
2009-01-09 22:47 . 2009-01-09 22:47 6,224,896 --a------ c:\windows\System32\NlsLexicons0027.dll
2009-01-09 22:47 . 2009-01-09 22:47 5,791,232 --a------ c:\windows\System32\NlsLexicons0026.dll
2009-01-09 22:47 . 2009-01-09 22:47 5,499,904 --a------ c:\windows\System32\NlsLexicons0022.dll
2009-01-09 22:47 . 2009-01-09 22:47 4,175,872 --a------ c:\windows\System32\NlsLexicons0010.dll
2009-01-09 22:47 . 2009-01-09 22:47 2,136,064 --a------ c:\windows\System32\NlsLexicons0021.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,808,896 --a------ c:\windows\System32\NlsLexicons0046.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,793,536 --a------ c:\windows\System32\NlsLexicons0045.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,782,272 --a------ c:\windows\System32\NlsLexicons0039.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,558,016 --a------ c:\windows\System32\NlsLexicons0049.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,411,072 --a------ c:\windows\System32\NlsLexicons0047.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,236,992 --a------ c:\windows\System32\NlsLexicons0020.dll
2009-01-09 22:44 . 2009-01-09 22:44 1,585,664 --a------ c:\windows\System32\setupapi.dll
2009-01-09 22:42 . 2009-01-09 22:42 223,232 --a------ c:\windows\System32\WMASF.DLL
2009-01-09 22:42 . 2009-01-09 22:42 9,728 --a------ c:\windows\System32\LAPRXY.DLL
2009-01-09 22:42 . 2009-01-09 22:42 2,048 --a------ c:\windows\System32\asferror.dll
2009-01-09 22:41 . 2009-01-09 22:41 2,605,568 --a------ c:\windows\System32\SLsvc.exe
2009-01-09 22:41 . 2009-01-09 22:41 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2009-01-09 22:41 . 2009-01-09 22:41 566,784 --a------ c:\windows\System32\SLCommDlg.dll
2009-01-09 22:41 . 2009-01-09 22:41 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-01-09 22:41 . 2009-01-09 22:41 351,232 --a------ c:\windows\System32\SLUI.exe
2009-01-09 22:41 . 2009-01-09 22:41 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-01-09 22:41 . 2009-01-09 22:41 268,288 --a------ c:\windows\System32\mcbuilder.exe
2009-01-09 22:41 . 2009-01-09 22:41 223,232 --a------ c:\windows\System32\SLC.dll
2009-01-09 22:41 . 2009-01-09 22:41 186,368 --a------ c:\windows\System32\SLLUA.exe
2009-01-09 22:41 . 2009-01-09 22:41 57,856 --a------ c:\windows\System32\SLUINotify.dll
2009-01-09 22:41 . 2009-01-09 22:41 39,936 --a------ c:\windows\System32\slcinst.dll
2009-01-09 22:41 . 2009-01-09 22:41 33,280 --a------ c:\windows\System32\slwmi.dll
2009-01-09 22:40 . 2009-01-09 22:40 1,984,512 --a------ c:\windows\System32\authui.dll
2009-01-09 22:40 . 2009-01-09 22:40 269,824 --a------ c:\windows\System32\schannel.dll
2009-01-09 22:40 . 2009-01-09 22:40 220,160 --a------ c:\windows\System32\ntprint.dll
2009-01-09 22:40 . 2009-01-09 22:40 123,904 --a------ c:\windows\System32\msvfw32.dll
2009-01-09 22:40 . 2009-01-09 22:40 120,320 --a------ c:\windows\System32\dhcpcsvc6.dll
2009-01-09 22:40 . 2009-01-09 22:40 88,576 --a------ c:\windows\System32\avifil32.dll


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:17 pm

2009-01-09 22:40 . 2009-01-09 22:40 82,944 --a------ c:\windows\System32\mciavi32.dll
2009-01-09 22:40 . 2009-01-09 22:40 65,024 --a------ c:\windows\System32\avicap32.dll
2009-01-09 22:40 . 2009-01-09 22:40 61,440 --a------ c:\windows\System32\ntprint.exe
2009-01-09 22:40 . 2009-01-09 22:40 10,240 --a------ c:\windows\System32\dhcpcmonitor.dll
2009-01-09 22:39 . 2009-01-09 22:39 8,138,240 --a------ c:\windows\System32\ssBranded.scr
2009-01-09 22:39 . 2009-01-09 22:39 441,856 --a------ c:\windows\System32\win32spl.dll
2009-01-09 22:39 . 2009-01-09 22:39 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-01-09 22:39 . 2009-01-09 22:39 83,968 --a------ c:\windows\System32\dnsrslvr.dll
2009-01-09 22:39 . 2009-01-09 22:39 69,632 --a------ c:\windows\System32\sendmail.dll
2009-01-09 22:39 . 2009-01-09 22:39 37,376 --a------ c:\windows\System32\printcom.dll
2009-01-09 22:39 . 2009-01-09 22:39 31,232 --a------ c:\windows\System32\msvidc32.dll
2009-01-09 22:39 . 2009-01-09 22:39 24,576 --a------ c:\windows\System32\dnscacheugc.exe
2009-01-09 22:39 . 2009-01-09 22:39 14,848 --a------ c:\windows\System32\wshrm.dll
2009-01-09 22:39 . 2009-01-09 22:39 12,800 --a------ c:\windows\System32\msrle32.dll
2009-01-09 22:39 . 2009-01-09 22:39 11,776 --a------ c:\windows\System32\sbunattend.exe
2009-01-09 22:34 . 2009-01-09 22:34 1,645,568 --a------ c:\windows\System32\connect.dll
2009-01-09 22:34 . 2009-01-09 22:34 737,792 --a------ c:\windows\System32\inetcomm.dll
2009-01-09 22:34 . 2009-01-09 22:34 84,480 --a------ c:\windows\System32\INETRES.dll
2009-01-09 22:33 . 2009-01-09 22:33 1,327,104 --a------ c:\windows\System32\quartz.dll
2009-01-09 22:32 . 2009-01-09 22:32 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe
2009-01-09 22:32 . 2009-01-09 22:32 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe
2009-01-09 22:32 . 2009-01-09 22:32 1,341,440 --a------ c:\windows\System32\msxml6.dll
2009-01-09 22:32 . 2009-01-09 22:32 2,048 --a------ c:\windows\System32\msxml6r.dll
2009-01-09 22:31 . 2009-01-09 22:31 750,080 --a------ c:\windows\System32\qmgr.dll
2009-01-07 20:11 . 2009-01-07 20:11 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-01-07 20:11 . 2009-01-07 20:11 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-01-07 20:11 . 2009-01-07 20:11 561,688 --a------ c:\windows\System32\wuapi.dll
2009-01-07 20:11 . 2009-01-07 20:11 83,456 --a------ c:\windows\System32\wudriver.dll
2009-01-07 20:11 . 2009-01-07 20:11 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-01-07 20:11 . 2009-01-07 20:11 43,544 --a------ c:\windows\System32\wups2.dll
2009-01-07 20:11 . 2009-01-07 20:11 34,328 --a------ c:\windows\System32\wups.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 11:02 --------- d-----w c:\program files\Windows Mail
2009-01-14 08:37 --------- d-----w c:\programdata\Sony Corporation
2009-01-10 08:30 174 --sha-w c:\program files\desktop.ini
2009-01-10 08:23 --------- d-----w c:\program files\Windows Sidebar
2009-01-10 08:23 --------- d-----w c:\program files\Windows Calendar
2009-01-10 08:21 --------- d-----w c:\program files\Apoint
2009-01-10 07:12 --------- d-----w c:\programdata\Microsoft Help
2009-01-10 07:09 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2009-01-10 07:09 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2009-01-10 07:09 542,720 ----a-w c:\windows\System32\sysmain.dll
2009-01-10 07:09 502,784 ----a-w c:\windows\System32\wlansvc.dll
2009-01-10 07:09 47,104 ----a-w c:\windows\System32\wlanapi.dll
2009-01-10 07:09 297,984 ----a-w c:\windows\System32\wlansec.dll
2009-01-10 07:09 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2009-01-10 07:09 28,344 ----a-w c:\windows\system32\drivers\battc.sys
2009-01-10 07:09 258,232 ----a-w c:\windows\system32\drivers\acpi.sys
2009-01-10 07:09 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2009-01-10 07:09 20,920 ----a-w c:\windows\system32\drivers\compbatt.sys
2009-01-10 07:09 14,208 ----a-w c:\windows\system32\drivers\CmBatt.sys
2009-01-10 06:59 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-10 06:59 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-10 06:59 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-10 06:59 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-10 06:59 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-10 06:59 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-10 06:49 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-10 06:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-10 06:49 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-10 06:43 944,184 ----a-w c:\windows\System32\winload.exe
2009-01-10 06:35 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-10 06:35 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-10 06:35 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-10 06:35 84,992 ----a-w c:\windows\system32\drivers\srvnet.sys
2009-01-10 06:35 788,992 ----a-w c:\windows\System32\rpcrt4.dll
2009-01-10 06:35 58,368 ----a-w c:\windows\system32\drivers\mrxsmb20.sys
2009-01-10 06:35 52,736 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-10 06:35 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-10 06:35 2,855,424 ----a-w c:\windows\System32\mf.dll
2009-01-10 06:35 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-10 06:35 148,992 ----a-w c:\windows\system32\drivers\ks.sys
2009-01-10 06:35 130,048 ----a-w c:\windows\system32\drivers\srv2.sys
2009-01-10 06:35 101,888 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2009-01-08 03:24 --------- d-----w c:\programdata\Symantec
2009-01-06 02:18 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 02:18 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 02:18 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 02:18 --------- d-----w c:\program files\Symantec
2009-01-02 03:58 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-02 03:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 03:57 --------- d-----w c:\program files\Sony
2008-12-31 06:49 --------- d-----w c:\program files\Common Files\AOL
2008-12-23 21:58 --------- d-----w c:\program files\Norton 360
2008-12-23 07:18 --------- d-----w c:\programdata\Intuit
2008-12-23 07:18 --------- d-----w c:\program files\Common Files\Intuit
2008-12-16 06:03 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-16 06:03 --------- d-----w c:\program files\Java
2008-12-16 05:29 --------- d-----w c:\users\Angel\AppData\Roaming\Symantec
2008-12-16 05:19 --------- d-----w c:\users\Angel\AppData\Roaming\Corel
2008-12-16 04:44 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-16 04:43 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-16 04:38 --------- d-----w c:\users\Angel\AppData\Roaming\Sony Corporation
2008-12-15 06:24 --------- d-sh--w c:\programdata\Templates
2008-12-15 06:24 --------- d-sh--w c:\programdata\Start Menu
2008-12-15 06:24 --------- d-sh--w c:\programdata\Favorites
2008-12-15 06:24 --------- d-sh--w c:\programdata\Documents
2008-12-15 06:24 --------- d-sh--w c:\programdata\Desktop
2008-12-15 06:24 --------- d-sh--w c:\programdata\Application Data
2008-12-15 05:19 0 ---ha-r c:\windows\system32\drivers\Sony_VGN-FZ240E.mrk
2008-12-15 04:55 --------- d-----w c:\program files\InterVideo
2008-12-15 04:55 --------- d-----w c:\program files\Common Files\InterVideo
2008-12-15 04:50 132,608 ----a-w c:\windows\system32\drivers\usbvideo.sys
2008-12-15 04:46 1,132,112 ----a-w c:\users\All Users\pswi_preloaded.exe
2008-12-15 04:46 1,132,112 ----a-w c:\programdata\pswi_preloaded.exe
2008-12-15 04:46 --------- d-----w c:\programdata\Corel
2008-12-15 04:46 --------- d-----w c:\program files\Corel
2008-12-15 04:45 --------- d-----w c:\program files\Common Files\Corel
2008-12-15 04:44 --------- d-----w c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-15 04:44 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-12-15 04:43 --------- d-----w c:\program files\Microsoft.NET
2008-12-15 04:38 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-15 04:38 --------- d-----w c:\program files\ArcSoft
2008-12-15 04:32 --------- d-----w c:\program files\Intuit
2008-12-15 04:32 --------- d-----w c:\program files\Common Files\supportsoft
2008-12-15 04:30 --------- d-----w c:\programdata\COMMON FILES
2008-12-15 04:24 --------- d-----w c:\program files\Microsoft Works


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:19 pm

.
((((((((((((((((((((((((((((( snapshot_2009-01-13_21.56.03.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-12 21:14:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-19 18:47:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-12 21:14:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-19 18:47:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-12 21:15:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-19 18:49:24 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-01-12 21:15:37 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-19 18:49:30 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-01-14 03:30:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-19 18:49:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-14 03:30:51 163,840 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-19 18:49:34 163,840 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-14 03:30:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-19 18:49:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-14 05:53:02 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-19 19:03:01 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-12-09 23:24:38 17,593,280 ----a-w c:\windows\System32\mrt.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe
- 2009-01-12 21:20:41 107,714 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-19 19:00:44 107,714 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-12 21:20:41 626,976 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-19 19:00:44 626,976 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-14 02:03:48 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-01-17 07:18:09 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-01-12 21:16:04 6,018 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
+ 2009-01-19 18:49:48 6,516 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
- 2009-01-12 21:16:04 67,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-19 18:49:48 67,502 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-12 21:16:03 34,220 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-19 18:49:46 34,526 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:20 pm

- 2009-01-14 02:04:09 91,249 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-17 04:55:01 126,270,543 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2006-11-02 12:35:28 77,824 ----a-w c:\windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6001.18000_none_fdcbbc4906dd2f5d\ehiExtens.dll
+ 2009-01-10 06:44:37 19,456 ----a-w c:\windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18000_none_7244c43bbb913795\bthenum.sys
+ 2006-11-02 09:46:02 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\aelupsvc.dll
+ 2006-11-02 09:45:39 20,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\sdbinst.exe
+ 2006-11-02 09:46:13 111,104 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\shimeng.dll
+ 2006-11-02 07:11:38 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18000_none_0c223829f24c6bcd\AcRes.dll
+ 2006-11-02 09:46:02 38,912 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\acppage.dll
+ 2006-11-02 07:11:39 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\acprgwiz.dll
+ 2006-11-02 09:45:32 8,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\pcaelv.exe
+ 2006-11-02 09:45:32 7,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\pcalua.exe
+ 2006-11-02 09:45:32 14,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\pcaui.exe
+ 2006-11-02 12:34:33 30,208 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dmband.dll
+ 2006-11-02 12:34:33 62,976 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dmcompos.dll
+ 2006-11-02 12:34:33 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dmstyle.dll
+ 2006-11-02 12:34:33 20,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dswave.dll
+ 2006-11-02 09:46:05 52,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\mmci.dll
+ 2006-11-02 09:46:05 12,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\mmcico.dll
+ 2006-11-02 09:46:13 185,856 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_6.0.6001.18000_none_c62871670779ffa4\SndVolSSO.dll
+ 2006-11-02 09:41:17 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6001.18000_none_175cb770bf6b8f77\netmsg.dll
