I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 11:01 pm

[2009/01/06 20:48:10 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Apple Computer
[2009/01/06 20:48:10 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Apple Computer
[2009/01/06 20:48:06 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/01/06 20:47:48 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/01/06 20:47:47 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/01/06 20:47:01 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/01/06 20:46:45 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/01/06 20:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/01/06 20:46:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/01/06 20:46:09 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Apple
[2009/01/06 20:46:04 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/01/06 20:45:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/01/06 20:45:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/01/06 20:14:16 | 00,000,000 | ---D | C] -- C:\Users\Angel\Documents\My Received Files
[2009/01/06 20:14:06 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2009/01/06 20:13:40 | 00,000,000 | ---D | C] -- C:\ProgramData\WLInstaller
[2009/01/06 20:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/01/05 23:52:46 | 00,004,608 | ---- | C] () -- C:\Users\Angel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/05 23:17:04 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe
[2009/01/05 22:17:26 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2009/01/05 21:53:58 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/01/05 21:32:33 | 00,001,874 | ---- | C] () -- C:\Users\Angel\Desktop\HijackThis.lnk
[2009/01/04 18:16:28 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/01/04 18:12:57 | 00,000,540 | ---- | C] () -- C:\Users\Angel\Desktop\ComboFix - Shortcut.lnk
[2009/01/02 16:31:13 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/01/02 16:26:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/01/02 16:26:41 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/01/02 16:26:41 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2009/01/02 16:26:41 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/01/02 16:26:41 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/01/02 16:26:41 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2009/01/02 16:26:41 | 00,028,672 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/01/02 16:26:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/01/02 16:26:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/01/02 16:26:34 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/01/02 16:26:34 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/01/02 15:43:49 | 00,731,136 | ---- | C] () -- C:\Users\Angel\Desktop\avenger.exe
[2009/01/01 21:26:47 | 00,001,085 | ---- | C] () -- C:\Users\Angel\Desktop\Spybot - Search & Destroy.lnk
[2009/01/01 21:15:59 | 00,113,896 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2009/01/01 21:15:59 | 00,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2009/01/01 19:56:33 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\InstallShield
[2009/01/01 19:50:28 | 00,000,000 | ---D | C] -- C:\Update
[2008/12/30 23:18:48 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/30 22:28:32 | 01,963,676 | -H-- | C] () -- C:\Users\Angel\AppData\Local\IconCache.db
[2008/12/30 21:45:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008/12/30 21:45:44 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/30 21:45:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/12/30 21:45:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/28 20:18:50 | 00,000,000 | ---D | C] -- C:\Users\Angel\Documents\Oberon Media
[2008/12/28 15:31:09 | 00,000,000 | ---D | C] -- C:\scscc20
[2008/12/26 16:19:53 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
[2008/12/23 23:14:57 | 21,374,48448 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/23 00:53:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2008/12/23 00:53:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/22 23:40:10 | 00,001,670 | ---- | C] () -- C:\Users\Angel\Desktop\CCleaner.lnk
[2008/12/22 23:40:09 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/22 23:39:02 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Malwarebytes
[2008/12/22 23:38:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008/12/22 23:19:05 | 00,000,000 | ---D | C] -- C:\Windows\Intuit
[2008/12/22 22:31:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/17 11:55:51 | 00,001,637 | ---- | C] () -- C:\Users\Angel\Desktop\Paint.lnk
[2008/12/15 21:29:08 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Symantec
[2008/12/15 21:13:10 | 00,023,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys
[2008/12/15 21:13:10 | 00,010,537 | ---- | C] () -- C:\Windows\System32\drivers\COH_Mon.cat
[2008/12/15 21:13:10 | 00,000,706 | ---- | C] () -- C:\Windows\System32\drivers\COH_Mon.inf
[2008/12/15 21:11:52 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Corel
[2008/12/15 21:01:01 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Adobe
[2008/12/15 21:01:01 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Adobe
[2008/12/15 20:50:54 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2008/12/15 20:46:07 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Mozilla
[2008/12/15 20:46:07 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Mozilla
[2008/12/15 20:45:54 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2008/12/15 20:45:44 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/15 20:45:08 | 00,186,256 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\SymNPPWA.dll
[2008/12/15 20:44:17 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2008/12/15 20:44:17 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/15 20:28:07 | 00,000,016 | ---- | C] () -- C:\Windows\System32\coh.cache
[2008/12/14 22:37:39 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\AOL
[2008/12/14 22:32:08 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Macromedia
[2008/12/14 22:31:59 | 00,072,632 | ---- | C] () -- C:\Users\Angel\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/14 22:31:41 | 00,000,432 | -HS- | C] () -- C:\Users\Angel\Desktop\desktop.ini
[2008/12/14 22:31:41 | 00,000,402 | -HS- | C] () -- C:\Users\Angel\Documents\desktop.ini
[2008/12/14 22:31:41 | 00,000,174 | -HS- | C] () -- C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/12/14 22:31:38 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Identities
[2008/12/14 22:31:35 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\VirtualStore
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\Documents\My Videos
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\Documents\My Pictures
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\Documents\My Music
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\AppData\Local\Temporary Internet Files
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\AppData\Local\History
[2008/12/14 22:28:44 | 00,000,000 | -HSD | C] -- C:\Users\Angel\AppData\Local\Application Data
[2008/12/14 22:28:40 | 00,000,000 | --SD | C] -- C:\Users\Angel\AppData\Roaming\Microsoft
[2008/12/14 22:28:40 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Media Center Programs
[2008/12/14 22:28:40 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Temp
[2008/12/14 22:28:40 | 00,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Microsoft
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2008/12/14 22:24:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings
[2008/12/14 21:18:41 | 00,000,040 | -H-- | C] () -- C:\Windows\System32\ivireg.ivr
[2008/12/14 21:08:55 | 00,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2008/12/14 21:06:54 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2008/12/14 21:06:39 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2008/12/14 21:06:39 | 00,010,635 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2008/12/14 21:06:39 | 00,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2008/12/14 21:05:56 | 00,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2008/12/14 21:05:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2008/12/14 21:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2008/12/14 21:05:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2008/12/14 20:55:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2008/12/14 20:55:16 | 00,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2008/12/14 20:54:33 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2008/12/14 20:54:33 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2008/12/14 20:54:32 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2008/12/14 20:54:32 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2008/12/14 20:54:31 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2008/12/14 20:54:31 | 00,068,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2008/12/14 20:54:31 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2008/12/14 20:54:30 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2008/12/14 20:54:30 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2008/12/14 20:54:30 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2008/12/14 20:54:29 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2008/12/14 20:54:29 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2008/12/14 20:54:28 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2008/12/14 20:54:16 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2008/12/14 20:54:14 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2008/12/14 20:54:14 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2008/12/14 20:54:13 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2008/12/14 20:54:12 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2008/12/14 20:54:11 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2008/12/14 20:54:10 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2008/12/14 20:54:10 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2008/12/14 20:54:08 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2008/12/14 20:50:28 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys
[2008/12/14 20:47:32 | 00,000,000 | RH-- | C] () -- C:\Windows\System32\drivers\Sony_VGN-FZ240E.mrk
[2008/12/14 20:46:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Corel
[2008/12/14 20:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2008/12/14 20:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2008/12/14 20:45:38 | 01,132,112 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2008/12/14 20:44:24 | 00,002,152 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2008/12/14 20:44:24 | 00,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2008/12/14 20:44:21 | 00,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2008/12/14 20:43:56 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2008/12/14 20:43:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

AARG12
Intermediate

Posts : 65
Joined : 2008-12-31
Gender : Male
OS : Windows Vista

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 11:02 pm

[2008/12/14 20:43:02 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2008/12/14 20:43:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2008/12/14 20:41:46 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2008/12/14 20:41:13 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2008/12/14 20:38:41 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2008/12/14 20:37:10 | 00,000,067 | -H-- | C] () -- C:\kernel.pam
[2008/12/14 20:37:10 | 00,000,017 | -H-- | C] () -- C:\initrd.pam
[2008/12/14 20:37:10 | 00,000,000 | -H-D | C] -- C:\InstantON
[2008/12/14 20:32:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2008/12/14 20:32:46 | 01,933,312 | ---- | C] (Amyuni Technologies) -- C:\Windows\System32\cdintf251.dll
[2008/12/14 20:30:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2008/12/14 20:30:53 | 00,000,000 | ---D | C] -- C:\Program Files\Intuit
[2008/12/14 20:30:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2008/12/14 20:30:44 | 00,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2008/12/14 20:29:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2008/12/14 20:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2008/12/14 20:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\AOL
[2008/12/14 20:27:40 | 00,000,347 | -H-- | C] () -- C:\IPH.PH
[2008/12/14 20:27:24 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2008/12/14 20:26:19 | 00,140,914 | ---- | C] () -- C:\Windows\System32\drivers\SnyHDAN.cty
[2008/12/14 20:26:13 | 00,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2008/12/14 20:24:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2008/12/14 20:22:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2008/12/14 20:17:53 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2008/12/14 20:15:48 | 00,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2009/01/13 14:22:50 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/01/13 14:22:50 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/01/13 14:22:50 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/01/12 13:20:41 | 00,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/01/12 13:20:41 | 00,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/01/12 13:20:41 | 00,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/01/12 13:14:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/01/12 13:13:59 | 21,374,48448 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/12 01:17:40 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/01/12 01:17:17 | 01,963,676 | -H-- | M] () -- C:\Users\Angel\AppData\Local\IconCache.db
[2009/01/11 23:57:44 | 00,053,248 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2009/01/11 23:55:23 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/01/11 21:00:04 | 00,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/01/11 20:10:44 | 00,000,502 | ---- | M] () -- C:\Users\Angel\Desktop\fix.reg
[2009/01/11 18:11:48 | 00,000,691 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\GetValue.vbs
[2009/01/11 18:11:48 | 00,000,035 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\SetValue.bat
[2009/01/11 18:11:42 | 00,290,752 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/01/11 14:08:22 | 00,001,085 | ---- | M] () -- C:\Users\Angel\Desktop\Spybot - Search & Destroy.lnk
[2009/01/10 00:30:04 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2009/01/10 00:30:04 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2009/01/10 00:30:04 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/01/10 00:25:45 | 00,301,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/01/09 23:11:33 | 00,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/01/09 23:11:33 | 00,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2009/01/09 23:11:33 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2009/01/09 23:11:33 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/01/09 23:10:50 | 00,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/01/09 23:10:50 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2009/01/09 23:10:48 | 00,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2009/01/09 23:10:48 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2009/01/09 23:10:48 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2009/01/09 23:10:47 | 00,564,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/01/09 23:10:47 | 00,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2009/01/09 23:10:47 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2009/01/09 23:10:47 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2009/01/09 23:10:47 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/01/09 23:10:47 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2009/01/09 23:10:47 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2009/01/09 23:10:47 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2009/01/09 23:10:47 | 00,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2009/01/09 23:10:46 | 00,286,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll
[2009/01/09 23:10:46 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2009/01/09 23:10:45 | 00,694,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/01/09 23:10:45 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/01/09 23:10:45 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/01/09 23:10:45 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2009/01/09 23:10:45 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2009/01/09 23:10:45 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2009/01/09 23:10:44 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2009/01/09 23:10:44 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/01/09 23:10:02 | 00,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/01/09 23:10:02 | 00,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/01/09 23:10:02 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/01/09 23:09:25 | 00,704,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/01/09 23:09:23 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2009/01/09 23:09:22 | 00,258,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/01/09 23:09:22 | 00,020,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\compbatt.sys
[2009/01/09 23:09:21 | 00,028,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2009/01/09 23:09:21 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CmBatt.sys
[2009/01/09 23:09:20 | 00,542,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/01/09 23:09:19 | 01,655,289 | ---- | M] () -- C:\Windows\System32\wlan.tmf

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 11:02 pm

[2009/01/09 23:09:19 | 00,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/01/09 23:09:19 | 00,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/01/09 23:09:19 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/01/09 23:09:19 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/01/09 23:09:18 | 00,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/01/09 23:09:18 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/01/09 23:08:09 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/01/09 23:08:09 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/01/09 23:06:38 | 01,244,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/01/09 23:06:37 | 00,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/01/09 23:06:37 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/01/09 23:06:37 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/01/09 23:06:37 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/01/09 23:06:37 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/01/09 23:06:37 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2009/01/09 23:06:37 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/01/09 23:05:13 | 00,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/01/09 23:04:39 | 01,060,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/01/09 23:04:39 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2009/01/09 23:01:27 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/01/09 23:01:27 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/01/09 23:00:40 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/01/09 23:00:09 | 00,374,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/01/09 22:59:31 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/01/09 22:59:28 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/01/09 22:59:28 | 01,687,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/01/09 22:58:50 | 00,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/01/09 22:58:18 | 02,027,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/01/09 22:57:47 | 01,194,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/01/09 22:57:47 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/01/09 22:57:10 | 08,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/01/09 22:57:09 | 10,617,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/01/09 22:57:09 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/01/09 22:57:08 | 00,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/01/09 22:57:08 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/01/09 22:57:08 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/01/09 22:56:35 | 00,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/01/09 22:56:35 | 00,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2009/01/09 22:56:35 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2009/01/09 22:56:34 | 00,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/01/09 22:56:34 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2009/01/09 22:56:34 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2009/01/09 22:56:34 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2009/01/09 22:56:34 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2009/01/09 22:56:34 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2009/01/09 22:56:05 | 00,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/01/09 22:55:32 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/01/09 22:54:15 | 11,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/01/09 22:51:45 | 00,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/01/09 22:51:44 | 00,211,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/01/09 22:51:44 | 00,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/01/09 22:51:44 | 00,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/01/09 22:51:44 | 00,017,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelide.sys
[2009/01/09 22:51:43 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/01/09 22:51:17 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/01/09 22:49:25 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/01/09 22:49:25 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/01/09 22:49:24 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/01/09 22:49:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/01/09 22:49:23 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/01/09 22:49:23 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/01/09 22:49:22 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/01/09 22:49:22 | 00,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/01/09 22:49:20 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/01/09 22:49:18 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/01/09 22:49:17 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/01/09 22:49:17 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/01/09 22:49:16 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/01/09 22:49:15 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/01/09 22:49:15 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/01/09 22:49:14 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/01/09 22:49:14 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/01/09 22:49:14 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/01/09 22:49:14 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/01/09 22:48:22 | 00,803,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/01/09 22:48:22 | 00,216,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/01/09 22:48:22 | 00,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/01/09 22:48:22 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2009/01/09 22:48:22 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 11:03 pm

[2009/01/09 22:47:04 | 01,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2009/01/09 22:47:04 | 01,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2009/01/09 22:47:04 | 01,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2009/01/09 22:47:04 | 01,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2009/01/09 22:47:04 | 01,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2009/01/09 22:47:03 | 05,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2009/01/09 22:47:03 | 02,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2009/01/09 22:47:03 | 01,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2009/01/09 22:47:02 | 07,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2009/01/09 22:47:01 | 06,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2009/01/09 22:47:01 | 05,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2009/01/09 22:47:00 | 04,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2009/01/09 22:46:59 | 04,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2009/01/09 22:46:59 | 02,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2009/01/09 22:46:58 | 06,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2009/01/09 22:46:58 | 03,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2009/01/09 22:46:57 | 11,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2009/01/09 22:46:56 | 04,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2009/01/09 22:46:55 | 12,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/01/09 22:46:55 | 02,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/01/09 22:46:55 | 01,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2009/01/09 22:46:54 | 04,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2009/01/09 22:46:54 | 03,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2009/01/09 22:46:54 | 01,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2009/01/09 22:46:53 | 04,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2009/01/09 22:46:53 | 01,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2009/01/09 22:46:52 | 06,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2009/01/09 22:46:52 | 06,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2009/01/09 22:46:52 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2009/01/09 22:46:51 | 09,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2009/01/09 22:46:51 | 06,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2009/01/09 22:46:50 | 06,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2009/01/09 22:46:50 | 01,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2009/01/09 22:46:49 | 05,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2009/01/09 22:46:48 | 05,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2009/01/09 22:46:48 | 04,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2009/01/09 22:46:47 | 07,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2009/01/09 22:46:47 | 05,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2009/01/09 22:46:47 | 05,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2009/01/09 22:46:46 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2009/01/09 22:46:45 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2009/01/09 22:46:44 | 01,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2009/01/09 22:46:44 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2009/01/09 22:46:44 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2009/01/09 22:46:44 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2009/01/09 22:46:44 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2009/01/09 22:46:43 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2009/01/09 22:46:43 | 02,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2009/01/09 22:46:42 | 04,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2009/01/09 22:46:42 | 03,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2009/01/09 22:46:42 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2009/01/09 22:46:42 | 01,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2009/01/09 22:46:41 | 02,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2009/01/09 22:46:41 | 02,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2009/01/09 22:46:41 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2009/01/09 22:46:41 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2009/01/09 22:46:40 | 04,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2009/01/09 22:46:40 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2009/01/09 22:46:39 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2009/01/09 22:46:38 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2009/01/09 22:46:38 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2009/01/09 22:46:38 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2009/01/09 22:46:38 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2009/01/09 22:46:37 | 09,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2009/01/09 22:46:37 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2009/01/09 22:46:36 | 02,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2009/01/09 22:46:36 | 02,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2009/01/09 22:46:35 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2009/01/09 22:46:35 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2009/01/09 22:46:35 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2009/01/09 22:46:34 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2009/01/09 22:46:34 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2009/01/09 22:46:34 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/01/09 22:46:33 | 06,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2009/01/09 22:46:33 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2009/01/09 22:44:00 | 01,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/01/09 22:43:36 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2009/01/09 22:43:36 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2009/01/09 22:43:36 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2009/01/09 22:43:36 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2009/01/09 22:43:36 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2009/01/09 22:43:36 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2009/01/09 22:43:34 | 00,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/01/09 22:43:34 | 00,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/01/09 22:43:34 | 00,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/01/09 22:43:34 | 00,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2009/01/09 22:43:34 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2009/01/09 22:43:34 | 00,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/01/09 22:43:34 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2009/01/09 22:43:33 | 00,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 11:04 pm

[2009/01/09 22:43:33 | 00,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/01/09 22:43:33 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/01/09 22:43:33 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/01/09 22:43:33 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2009/01/09 22:43:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/01/09 22:43:32 | 00,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2009/01/09 22:43:32 | 00,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/01/09 22:43:32 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/01/09 22:43:32 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2009/01/09 22:43:31 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2009/01/09 22:43:31 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2009/01/09 22:43:31 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2009/01/09 22:43:31 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2009/01/09 22:43:30 | 00,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/01/09 22:43:30 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2009/01/09 22:43:30 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2009/01/09 22:43:30 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2009/01/09 22:43:30 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2009/01/09 22:43:30 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/01/09 22:43:29 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2009/01/09 22:43:29 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/01/09 22:43:29 | 00,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2009/01/09 22:43:29 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2009/01/09 22:42:05 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2009/01/09 22:42:05 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2009/01/09 22:42:05 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2009/01/09 22:41:52 | 00,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/01/09 22:41:34 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2009/01/09 22:41:34 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/01/09 22:41:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/01/09 22:41:33 | 00,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/01/09 22:41:33 | 00,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/01/09 22:41:33 | 00,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/01/09 22:41:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/01/09 22:41:31 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/01/09 22:41:31 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/01/09 22:41:08 | 00,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/01/09 22:41:08 | 00,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/01/09 22:41:07 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/01/09 22:40:04 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/01/09 22:40:04 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2009/01/09 22:40:03 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/01/09 22:40:02 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2009/01/09 22:40:01 | 01,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/01/09 22:40:01 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/01/09 22:40:01 | 00,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/01/09 22:40:00 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/01/09 22:40:00 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/01/09 22:40:00 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/01/09 22:40:00 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/01/09 22:39:59 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/01/09 22:39:59 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/01/09 22:39:59 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/01/09 22:39:57 | 08,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2009/01/09 22:39:40 | 00,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/01/09 22:39:40 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2009/01/09 22:39:32 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/01/09 22:39:32 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2009/01/09 22:39:23 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2009/01/09 22:39:07 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/01/09 22:39:07 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/01/09 22:39:07 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2009/01/09 22:35:25 | 02,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/01/09 22:35:25 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/01/09 22:35:25 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/01/09 22:35:25 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/01/09 22:35:25 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/01/09 22:35:24 | 00,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/01/09 22:35:24 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/01/09 22:35:23 | 02,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/01/09 22:35:13 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/01/09 22:35:13 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/01/09 22:35:13 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/01/09 22:35:13 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/01/09 22:35:07 | 00,148,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/01/09 22:35:03 | 00,788,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 11:04 pm

[2009/01/09 22:34:16 | 00,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/01/09 22:34:16 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2009/01/09 22:34:04 | 01,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/01/09 22:33:43 | 01,327,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/01/09 22:32:45 | 03,505,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/01/09 22:32:44 | 03,470,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/01/09 22:32:22 | 01,341,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/01/09 22:32:22 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/01/09 22:31:41 | 00,750,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/01/09 22:27:46 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/01/07 20:11:47 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/01/07 20:11:47 | 01,524,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/01/07 20:11:47 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/01/07 20:11:47 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/01/07 20:11:18 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/01/07 20:11:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/01/07 20:11:18 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/01/07 20:10:47 | 00,162,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/01/07 20:10:47 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/01/06 20:48:06 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/01/06 20:46:45 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/01/05 23:52:48 | 00,004,608 | ---- | M] () -- C:\Users\Angel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/05 21:32:33 | 00,001,874 | ---- | M] () -- C:\Users\Angel\Desktop\HijackThis.lnk
[2009/01/05 18:18:12 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/01/05 18:18:12 | 00,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/01/05 18:18:12 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/01/04 18:12:59 | 00,000,540 | ---- | M] () -- C:\Users\Angel\Desktop\ComboFix - Shortcut.lnk
[2009/01/02 15:43:49 | 00,731,136 | ---- | M] () -- C:\Users\Angel\Desktop\avenger.exe
[2008/12/30 23:20:10 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2008/12/30 21:45:44 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/22 23:40:10 | 00,001,670 | ---- | M] () -- C:\Users\Angel\Desktop\CCleaner.lnk
[2008/12/22 23:26:37 | 00,072,632 | ---- | M] () -- C:\Users\Angel\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/12/17 11:55:51 | 00,001,637 | ---- | M] () -- C:\Users\Angel\Desktop\Paint.lnk
[2008/12/17 11:55:51 | 00,000,432 | -HS- | M] () -- C:\Users\Angel\Desktop\desktop.ini
[2008/12/15 20:28:10 | 00,000,016 | ---- | M] () -- C:\Windows\System32\coh.cache
[2008/12/14 22:31:41 | 00,000,402 | -HS- | M] () -- C:\Users\Angel\Documents\desktop.ini
[2008/12/14 22:31:41 | 00,000,174 | -HS- | M] () -- C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/12/14 21:19:11 | 00,000,000 | RH-- | M] () -- C:\Windows\System32\drivers\Sony_VGN-FZ240E.mrk
[2008/12/14 21:18:43 | 00,000,040 | -H-- | M] () -- C:\Windows\System32\ivireg.ivr
[2008/12/14 21:08:55 | 00,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2008/12/14 20:50:28 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys
[2008/12/14 20:46:12 | 01,132,112 | ---- | M] () -- C:\ProgramData\pswi_preloaded.exe
[2008/12/14 20:44:24 | 00,002,152 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2008/12/14 20:27:44 | 00,000,347 | -H-- | M] () -- C:\IPH.PH
[2008/12/14 20:26:13 | 00,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
< End of report >


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Tue Jan 13, 2009 11:04 pm

jajaj ok finally that's it


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Tue Jan 13, 2009 11:13 pm

Let's try this.
If you still have Combofix, please delete it and download from the link we used before.
DO NOT run it yet.

Now open a new notepad file.
Input this into the notepad file:

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DhcpNameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
"DhcpNameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
"DhcpNameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
"DhcpNameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
"DhcpNameServer"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Wed Jan 14, 2009 6:06 am

ComboFix 09-01-13.03 - Angel 2009-01-13 21:53:28.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1027 [GMT -8:00]
Running from: c:\users\Angel\Downloads\ComboFix.exe
Command switches used :: c:\users\Angel\Desktop\CFscript.txt
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Agent.OMZ.Fix.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-11 21:00 . 2009-01-11 21:00 268,800 --a------ c:\windows\System32\es.dll
2009-01-11 18:11 . 2009-01-11 18:11 691 --a------ c:\users\Angel\AppData\Roaming\GetValue.vbs
2009-01-11 18:11 . 2009-01-11 18:11 35 --a------ c:\users\Angel\AppData\Roaming\SetValue.bat
2009-01-09 23:11 . 2009-01-09 23:11 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-01-09 23:11 . 2009-01-09 23:11 272,896 --a------ c:\windows\System32\polstore.dll
2009-01-09 23:11 . 2009-01-09 23:11 61,440 --a------ c:\windows\System32\winipsec.dll
2009-01-09 23:11 . 2009-01-09 23:11 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2009-01-09 23:09 . 2009-01-09 23:09 1,655,289 --a------ c:\windows\System32\wlan.tmf
2009-01-09 23:08 . 2009-01-09 23:08 194,560 --a------ c:\windows\System32\WebClnt.dll
2009-01-09 23:08 . 2009-01-09 23:08 110,080 --a------ c:\windows\System32\drivers\mrxdav.sys
2009-01-09 23:06 . 2009-01-09 23:06 1,244,672 --a------ c:\windows\System32\mcmde.dll
2009-01-09 23:06 . 2009-01-09 23:06 428,032 --a------ c:\windows\System32\EncDec.dll
2009-01-09 23:06 . 2009-01-09 23:06 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-01-09 23:06 . 2009-01-09 23:06 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-01-09 23:06 . 2009-01-09 23:06 177,152 --a------ c:\windows\System32\mpg2splt.ax
2009-01-09 23:06 . 2009-01-09 23:06 80,896 --a------ c:\windows\System32\MSNP.ax
2009-01-09 23:06 . 2009-01-09 23:06 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-01-09 23:06 . 2009-01-09 23:06 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-01-09 23:05 . 2009-01-09 23:05 297,472 --a------ c:\windows\System32\gdi32.dll
2009-01-09 23:04 . 2009-01-09 23:04 1,060,920 --a------ c:\windows\System32\drivers\ntfs.sys
2009-01-09 23:04 . 2009-01-09 23:04 41,984 --a------ c:\windows\System32\drivers\monitor.sys
2009-01-09 23:01 . 2009-01-09 23:01 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-09 23:00 . 2009-01-09 23:00 374,456 --a------ c:\windows\System32\mcupdate_GenuineIntel.dll
2009-01-09 23:00 . 2009-01-09 23:00 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-01-09 22:59 . 2009-01-09 22:59 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-09 22:59 . 2009-01-09 22:59 1,687,040 --a------ c:\windows\System32\gameux.dll
2009-01-09 22:59 . 2009-01-09 22:59 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-01-09 22:58 . 2009-01-09 22:58 2,027,520 --a------ c:\windows\System32\win32k.sys
2009-01-09 22:58 . 2009-01-09 22:58 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-01-09 22:57 . 2009-01-09 22:57 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-01-09 22:57 . 2009-01-09 22:57 1,194,496 --a------ c:\windows\System32\msxml3.dll
2009-01-09 22:57 . 2009-01-09 22:57 356,864 --a------ c:\windows\System32\MediaMetadataHandler.dll
2009-01-09 22:57 . 2009-01-09 22:57 7,680 --a------ c:\windows\System32\spwmp.dll
2009-01-09 22:57 . 2009-01-09 22:57 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-01-09 22:57 . 2009-01-09 22:57 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-01-09 22:57 . 2009-01-09 22:57 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-01-09 22:56 . 2009-01-09 22:56 396,800 --a------ c:\windows\System32\MPSSVC.dll
2009-01-09 22:56 . 2009-01-09 22:56 392,192 --a------ c:\windows\System32\FirewallAPI.dll
2009-01-09 22:56 . 2009-01-09 22:56 178,688 --a------ c:\windows\System32\iphlpsvc.dll
2009-01-09 22:56 . 2009-01-09 22:56 86,016 --a------ c:\windows\System32\icfupgd.dll
2009-01-09 22:56 . 2009-01-09 22:56 63,488 --a------ c:\windows\System32\drivers\mpsdrv.sys
2009-01-09 22:56 . 2009-01-09 22:56 61,952 --a------ c:\windows\System32\cmifw.dll
2009-01-09 22:56 . 2009-01-09 22:56 23,040 --a------ c:\windows\System32\drivers\tunnel.sys
2009-01-09 22:56 . 2009-01-09 22:56 16,896 --a------ c:\windows\System32\wfapigp.dll
2009-01-09 22:56 . 2009-01-09 22:56 15,360 --a------ c:\windows\System32\drivers\TUNMP.SYS
2009-01-09 22:55 . 2009-01-09 22:55 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-09 22:51 . 2009-01-09 22:51 2,923,520 --a------ c:\windows\explorer.exe
2009-01-09 22:51 . 2009-01-09 22:51 211,000 --a------ c:\windows\System32\drivers\volsnap.sys
2009-01-09 22:51 . 2009-01-09 22:51 154,624 --a------ c:\windows\System32\drivers\nwifi.sys
2009-01-09 22:51 . 2009-01-09 22:51 109,624 --a------ c:\windows\System32\drivers\ataport.sys
2009-01-09 22:51 . 2009-01-09 22:51 45,112 --a------ c:\windows\System32\drivers\pciidex.sys
2009-01-09 22:51 . 2009-01-09 22:51 21,560 --a------ c:\windows\System32\drivers\atapi.sys
2009-01-09 22:51 . 2009-01-09 22:51 17,464 --a------ c:\windows\System32\drivers\intelide.sys
2009-01-09 22:48 . 2009-01-09 22:48 803,328 --a------ c:\windows\System32\drivers\tcpip.sys
2009-01-09 22:48 . 2009-01-09 22:48 216,632 --a------ c:\windows\System32\drivers\netio.sys
2009-01-09 22:48 . 2009-01-09 22:48 167,424 --a------ c:\windows\System32\tcpipcfg.dll
2009-01-09 22:48 . 2009-01-09 22:48 24,064 --a------ c:\windows\System32\netcfg.exe
2009-01-09 22:48 . 2009-01-09 22:48 22,016 --a------ c:\windows\System32\netiougc.exe
2009-01-09 22:47 . 2009-01-09 22:47 7,964,672 --a------ c:\windows\System32\NlsLexicons0024.dll
2009-01-09 22:47 . 2009-01-09 22:47 6,224,896 --a------ c:\windows\System32\NlsLexicons0027.dll
2009-01-09 22:47 . 2009-01-09 22:47 5,791,232 --a------ c:\windows\System32\NlsLexicons0026.dll
2009-01-09 22:47 . 2009-01-09 22:47 5,499,904 --a------ c:\windows\System32\NlsLexicons0022.dll
2009-01-09 22:47 . 2009-01-09 22:47 4,175,872 --a------ c:\windows\System32\NlsLexicons0010.dll
2009-01-09 22:47 . 2009-01-09 22:47 2,136,064 --a------ c:\windows\System32\NlsLexicons0021.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,808,896 --a------ c:\windows\System32\NlsLexicons0046.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,793,536 --a------ c:\windows\System32\NlsLexicons0045.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,782,272 --a------ c:\windows\System32\NlsLexicons0039.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,558,016 --a------ c:\windows\System32\NlsLexicons0049.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,411,072 --a------ c:\windows\System32\NlsLexicons0047.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,236,992 --a------ c:\windows\System32\NlsLexicons0020.dll
2009-01-09 22:44 . 2009-01-09 22:44 1,585,664 --a------ c:\windows\System32\setupapi.dll
2009-01-09 22:42 . 2009-01-09 22:42 223,232 --a------ c:\windows\System32\WMASF.DLL
2009-01-09 22:42 . 2009-01-09 22:42 9,728 --a------ c:\windows\System32\LAPRXY.DLL
2009-01-09 22:42 . 2009-01-09 22:42 2,048 --a------ c:\windows\System32\asferror.dll
2009-01-09 22:40 . 2009-01-09 22:40 1,984,512 --a------ c:\windows\System32\authui.dll
2009-01-09 22:40 . 2009-01-09 22:40 269,824 --a------ c:\windows\System32\schannel.dll
2009-01-09 22:40 . 2009-01-09 22:40 220,160 --a------ c:\windows\System32\ntprint.dll
2009-01-09 22:40 . 2009-01-09 22:40 123,904 --a------ c:\windows\System32\msvfw32.dll
2009-01-09 22:40 . 2009-01-09 22:40 120,320 --a------ c:\windows\System32\dhcpcsvc6.dll
2009-01-09 22:40 . 2009-01-09 22:40 88,576 --a------ c:\windows\System32\avifil32.dll
2009-01-09 22:40 . 2009-01-09 22:40 82,944 --a------ c:\windows\System32\mciavi32.dll
2009-01-09 22:40 . 2009-01-09 22:40 65,024 --a------ c:\windows\System32\avicap32.dll
2009-01-09 22:40 . 2009-01-09 22:40 61,440 --a------ c:\windows\System32\ntprint.exe
2009-01-09 22:40 . 2009-01-09 22:40 10,240 --a------ c:\windows\System32\dhcpcmonitor.dll
2009-01-09 22:39 . 2009-01-09 22:39 8,138,240 --a------ c:\windows\System32\ssBranded.scr
2009-01-09 22:39 . 2009-01-09 22:39 441,856 --a------ c:\windows\System32\win32spl.dll
2009-01-09 22:39 . 2009-01-09 22:39 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-01-09 22:39 . 2009-01-09 22:39 83,968 --a------ c:\windows\System32\dnsrslvr.dll
2009-01-09 22:39 . 2009-01-09 22:39 69,632 --a------ c:\windows\System32\sendmail.dll
2009-01-09 22:39 . 2009-01-09 22:39 37,376 --a------ c:\windows\System32\printcom.dll
2009-01-09 22:39 . 2009-01-09 22:39 31,232 --a------ c:\windows\System32\msvidc32.dll
2009-01-09 22:39 . 2009-01-09 22:39 24,576 --a------ c:\windows\System32\dnscacheugc.exe
2009-01-09 22:39 . 2009-01-09 22:39 14,848 --a------ c:\windows\System32\wshrm.dll
2009-01-09 22:39 . 2009-01-09 22:39 12,800 --a------ c:\windows\System32\msrle32.dll
2009-01-09 22:39 . 2009-01-09 22:39 11,776 --a------ c:\windows\System32\sbunattend.exe
2009-01-09 22:34 . 2009-01-09 22:34 1,645,568 --a------ c:\windows\System32\connect.dll
2009-01-09 22:34 . 2009-01-09 22:34 737,792 --a------ c:\windows\System32\inetcomm.dll
2009-01-09 22:34 . 2009-01-09 22:34 84,480 --a------ c:\windows\System32\INETRES.dll
2009-01-09 22:33 . 2009-01-09 22:33 1,327,104 --a------ c:\windows\System32\quartz.dll
2009-01-09 22:32 . 2009-01-09 22:32 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe
2009-01-09 22:32 . 2009-01-09 22:32 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe
2009-01-09 22:32 . 2009-01-09 22:32 1,341,440 --a------ c:\windows\System32\msxml6.dll
2009-01-09 22:32 . 2009-01-09 22:32 2,048 --a------ c:\windows\System32\msxml6r.dll
2009-01-09 22:31 . 2009-01-09 22:31 750,080 --a------ c:\windows\System32\qmgr.dll
2009-01-07 20:11 . 2009-01-07 20:11 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-01-07 20:11 . 2009-01-07 20:11 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-01-07 20:11 . 2009-01-07 20:11 561,688 --a------ c:\windows\System32\wuapi.dll
2009-01-07 20:11 . 2009-01-07 20:11 83,456 --a------ c:\windows\System32\wudriver.dll
2009-01-07 20:11 . 2009-01-07 20:11 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-01-07 20:11 . 2009-01-07 20:11 43,544 --a------ c:\windows\System32\wups2.dll
2009-01-07 20:11 . 2009-01-07 20:11 34,328 --a------ c:\windows\System32\wups.dll
2009-01-07 20:10 . 2009-01-07 20:10 162,064 --a------ c:\windows\System32\wuwebv.dll
2009-01-07 20:10 . 2009-01-07 20:10 31,232 --a------ c:\windows\System32\wuapp.exe
2009-01-06 20:48 . 2009-01-06 20:48 d-------- c:\users\Angel\AppData\Roaming\Apple Computer
2009-01-06 20:47 . 2009-01-06 20:48 d-------- c:\program files\iTunes
2009-01-06 20:47 . 2009-01-06 20:47 d-------- c:\program files\iPod
2009-01-06 20:47 . 2009-01-06 20:47 d-------- c:\program files\Bonjour
2009-01-06 20:46 . 2009-01-06 20:47 d-------- c:\users\All Users\Apple Computer
2009-01-06 20:46 . 2009-01-06 20:47 d-------- c:\programdata\Apple Computer
2009-01-06 20:46 . 2009-01-06 20:46 d-------- c:\program files\QuickTime
2009-01-06 20:46 . 2009-01-06 20:46 d-------- c:\program files\Apple Software Update
2009-01-06 20:45 . 2009-01-06 20:45 d-------- c:\users\All Users\Apple
2009-01-06 20:45 . 2009-01-06 20:45 d-------- c:\programdata\Apple
2009-01-06 20:45 . 2009-01-06 20:47 d-------- c:\program files\Common Files\Apple
2009-01-06 20:14 . 2009-01-06 20:14 d--hsc--- c:\program files\Common Files\WindowsLiveInstaller

AARG12
Intermediate
Posts : 65
Joined : 2008-12-31
Gender : Male
OS : Windows Vista


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Wed Jan 14, 2009 6:06 am

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 08:30 174 --sha-w c:\program files\desktop.ini
2009-01-10 08:23 --------- d-----w c:\program files\Windows Sidebar
2009-01-10 08:23 --------- d-----w c:\program files\Windows Mail
2009-01-10 08:23 --------- d-----w c:\program files\Windows Calendar
2009-01-10 08:21 --------- d-----w c:\program files\Apoint
2009-01-10 07:09 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2009-01-10 07:09 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2009-01-10 07:09 542,720 ----a-w c:\windows\System32\sysmain.dll
2009-01-10 07:09 502,784 ----a-w c:\windows\System32\wlansvc.dll
2009-01-10 07:09 47,104 ----a-w c:\windows\System32\wlanapi.dll
2009-01-10 07:09 297,984 ----a-w c:\windows\System32\wlansec.dll
2009-01-10 07:09 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2009-01-10 07:09 28,344 ----a-w c:\windows\system32\drivers\battc.sys
2009-01-10 07:09 258,232 ----a-w c:\windows\system32\drivers\acpi.sys
2009-01-10 07:09 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2009-01-10 07:09 20,920 ----a-w c:\windows\system32\drivers\compbatt.sys
2009-01-10 07:09 14,208 ----a-w c:\windows\system32\drivers\CmBatt.sys
2009-01-10 06:59 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-10 06:59 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-10 06:59 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-10 06:59 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-10 06:59 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-10 06:59 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-10 06:49 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-10 06:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-10 06:49 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-10 06:43 944,184 ----a-w c:\windows\System32\winload.exe
2009-01-10 06:41 712,192 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-10 06:41 57,856 ----a-w c:\windows\System32\SLUINotify.dll
2009-01-10 06:41 566,784 ----a-w c:\windows\System32\SLCommDlg.dll
2009-01-10 06:41 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-10 06:41 39,936 ----a-w c:\windows\System32\slcinst.dll
2009-01-10 06:41 351,232 ----a-w c:\windows\System32\SLUI.exe
2009-01-10 06:41 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-10 06:41 33,280 ----a-w c:\windows\System32\slwmi.dll
2009-01-10 06:41 290,304 ----a-w c:\windows\system32\drivers\srv.sys
2009-01-10 06:41 268,288 ----a-w c:\windows\System32\mcbuilder.exe
2009-01-10 06:41 223,232 ----a-w c:\windows\System32\SLC.dll
2009-01-10 06:41 2,605,568 ----a-w c:\windows\System32\SLsvc.exe
2009-01-10 06:41 186,368 ----a-w c:\windows\System32\SLLUA.exe
2009-01-02 03:58 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-02 03:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 03:57 --------- d-----w c:\program files\Sony
2009-01-02 03:56 --------- d-----w c:\programdata\Sony Corporation
2008-12-16 06:03 --------- d-----w c:\program files\Java
2008-12-15 06:24 --------- d-sh--w c:\programdata\Templates
2008-12-15 06:24 --------- d-sh--w c:\programdata\Start Menu
2008-12-15 06:24 --------- d-sh--w c:\programdata\Favorites
2008-12-15 06:24 --------- d-sh--w c:\programdata\Documents
2008-12-15 06:24 --------- d-sh--w c:\programdata\Desktop
2008-12-15 06:24 --------- d-sh--w c:\programdata\Application Data
2008-12-15 04:38 --------- d-----w c:\program files\Common Files\InstallShield
.

((((((((((((((((((((((((((((( snapshot_2009-01-11_23.55.50.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-14 05:52:57 6,189,056 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2000-08-31 16:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 16:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2009-01-12 07:01:32 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-12 21:14:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-12 07:01:32 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-12 21:14:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-12 07:02:12 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-12 21:15:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-01-12 07:02:17 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-12 21:15:37 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-01-12 07:02:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-14 03:30:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-12 07:02:52 147,456 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 03:30:51 163,840 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-12 07:02:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-14 03:30:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-06 05:22:11 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-14 05:53:02 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2009-01-12 07:08:05 107,714 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-12 21:20:41 107,714 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-12 07:08:05 626,976 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-12 21:20:41 626,976 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-12 07:00:44 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-01-14 02:03:48 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-01-12 07:03:21 5,966 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
+ 2009-01-12 21:16:04 6,018 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
- 2009-01-12 07:03:21 67,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-12 21:16:04 67,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-12 07:03:20 34,156 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-12 21:16:03 34,220 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-14 02:04:09 91,249 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-09 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1980A3A3-72DB-4E3F-9F05-2191AA5DB79A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0816D0DF-B54B-4F22-AD54-EF92FB51704A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{00D323C8-E223-4115-B226-39A64557D821}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{516FF797-A0CA-43D6-A288-6A38B1835483}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F67C3699-D469-4522-851C-F156159CCFE6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D2100068-A81F-4DFA-A023-89A8E6C91F13}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AE100143-A4AF-4F19-A255-1F87AACED5C4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BC772F8E-19BD-44C7-9AE8-77DBB2AEC02E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090102.001\IDSvix86.sys [2009-01-09 270384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-15 99376]
R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [2009-01-01 113896]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-08-01 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-08-01 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [2007-08-01 31104]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-01-09 38200]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-08-01 812544]
R4 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-01 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-01 79736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-01-13 21:55:38
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-13 21:57:49
ComboFix-quarantined-files.txt 2009-01-14 05:57:47
ComboFix2.txt 2009-01-12 07:57:41
ComboFix3.txt 2009-01-06 05:25:56
ComboFix4.txt 2009-01-05 02:16:28
ComboFix5.txt 2009-01-14 05:51:34

Pre-Run: 218,168,745,984 bytes free
Post-Run: 218,141,712,384 bytes free

333 --- E O F --- 2009-01-12 06:35:31


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Wed Jan 14, 2009 2:07 pm

Hmmm.
I wonder if that did it.
Still having problems?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Wed Jan 14, 2009 8:34 pm

I still cannot update, but now Spybot only finds two trojans instead of four, and malware sometimes finds two, sometimes it doesn't, instead of the six or four it used to. But when I do erase them without restarting I can do updates, but once I restart it's back to the same. I think that it has to do with my internet connection, because when that's restarted too the viruses come back.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Wed Jan 14, 2009 8:48 pm

Okay, do this:
Do a spybot scan, remove everything it found.

DO NOT reboot yet.
Press Start > Run
Type in:
cmd
Press enter
Type in:
ipconfig /release
Press enter. (your net connection will die for now, but this next command fixes it)
Then type in:
ipconfig /renew
Press enter.
Then type in:
ipconfig /flushdns

Then close the command prompt.
Reboot now.
Does Spybot still find anything now?



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Fri Jan 16, 2009 2:22 am

when i do the ipconfig /release it says the required operation requires elevation


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Fri Jan 16, 2009 4:51 pm

Darn Vista.
Press Start > All Programs > Accessories > Command Prompt > right click > "Run as administrator"



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Sat Jan 17, 2009 12:30 am

it says this when i try:

windows ip configuration
no operation can be performed on Local Area Connection while it has its media disconnected


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Sat Jan 17, 2009 12:54 am

I'm gonna get in touch with my colleagues and see if we can come up with anything.
While I'm doing that, you said after that CF run, the number of stuff that Spybot found has dropped, can you post a log of what Spybot is still finding?



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Sun Jan 18, 2009 4:02 am

Sorry idk how to find the log for the findings!! can you help me?


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Sun Jan 18, 2009 4:54 am

This is all i can find :
Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 6.0.6000

1/17/2009 20:53:47
mbam-log-2009-01-17 (20-53-47).txt

Scan type: Quick Scan
Objects scanned: 49053
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Sun Jan 18, 2009 1:20 pm

Okay, we'll use combofix again.
Delete combofix you have and download a new copy.

Now open a new notepad file.
Input this into the notepad file:

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
"DhcpNameServer"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}]
"DhcpNameServer"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again. Agree to its terms and allow it to run; it may want to reboot after it's done. Post the resulting log back here.


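How the CFScript in the post above follows from the Malwarebytes log, as an added example that is not part of the original thread and is not ComboFix or Malwarebytes code: it parses the log's "Registry Data Items Infected" lines and emits a `Registry::` block that deletes each flagged value. The function names are hypothetical, and the sample log is constructed from the two lines quoted in the thread.

```python
import ipaddress
import re
from collections import OrderedDict

# Constructed sample: the "Registry Data Items Infected" section of the
# Malwarebytes log quoted in this thread, followed by an unrelated section.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

# One log line: <key>\<value> (<detection>) -> Data: <data> -> <action>
ITEM_RE = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<detection>[^()]+)\)"
    r" -> Data: (?P<data>.*?) -> (?P<action>.+)$"
)


def parse_registry_data_items(log_text):
    """Return one dict per registry data item reported in the log."""
    items = []
    for line in log_text.splitlines():
        match = ITEM_RE.match(line.strip())
        if not match:
            continue  # section headers, blank lines, "(No malicious items ...)"
        # The last path component is the value name, the rest is the key.
        key, _, value = match.group("path").rpartition("\\")
        servers = []
        for token in match.group("data").replace(",", " ").split():
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                pass  # data that is not an IP address is ignored here
        items.append({
            "key": key,
            "value": value,
            "detection": match.group("detection"),
            "servers": servers,
            "action": match.group("action"),
        })
    return items


def build_cfscript(items, detection="Trojan.DNSChanger"):
    """Build a CFScript Registry:: block deleting every flagged value.

    "name"=- is the REGEDIT syntax for deleting a value; only the exact keys
    named in the log are touched (here ControlSet003, as reported).
    """
    by_key = OrderedDict()
    for item in items:
        if item["detection"] != detection:
            continue
        values = by_key.setdefault(item["key"], [])
        if item["value"] not in values:
            values.append(item["value"])
    if not by_key:
        return ""
    lines = ["Registry::"]
    for key, values in by_key.items():
        lines.append("[%s]" % key)
        for value in values:
            lines.append('"%s"=-' % value)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_registry_data_items(SAMPLE_LOG)
    for entry in found:
        print(entry["value"], "->", ", ".join(entry["servers"]))
    print(build_cfscript(found))
```
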

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:14 pm

ComboFix 09-01-19.01 - Angel 2009-01-19 11:03:27.7 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1143 [GMT -8:00]
Running from: c:\users\Angel\Downloads\ComboFix.exe
Command switches used :: c:\users\Angel\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *enabled*
* Created a new restore point
.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:16 pm

((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-16 22:54 . 2009-01-16 22:54 d-------- c:\program files\Microsoft Silverlight
2009-01-13 18:04 . 2008-12-15 19:14 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-01-11 21:00 . 2009-01-11 21:00 268,800 --a------ c:\windows\System32\es.dll
2009-01-11 18:11 . 2009-01-11 18:11 691 --a------ c:\users\Angel\AppData\Roaming\GetValue.vbs
2009-01-11 18:11 . 2009-01-11 18:11 35 --a------ c:\users\Angel\AppData\Roaming\SetValue.bat
2009-01-09 23:11 . 2009-01-09 23:11 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-01-09 23:11 . 2009-01-09 23:11 272,896 --a------ c:\windows\System32\polstore.dll
2009-01-09 23:11 . 2009-01-09 23:11 61,440 --a------ c:\windows\System32\winipsec.dll
2009-01-09 23:11 . 2009-01-09 23:11 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2009-01-09 23:09 . 2009-01-09 23:09 1,655,289 --a------ c:\windows\System32\wlan.tmf
2009-01-09 23:08 . 2009-01-09 23:08 194,560 --a------ c:\windows\System32\WebClnt.dll
2009-01-09 23:08 . 2009-01-09 23:08 110,080 --a------ c:\windows\System32\drivers\mrxdav.sys
2009-01-09 23:06 . 2009-01-09 23:06 1,244,672 --a------ c:\windows\System32\mcmde.dll
2009-01-09 23:06 . 2009-01-09 23:06 428,032 --a------ c:\windows\System32\EncDec.dll
2009-01-09 23:06 . 2009-01-09 23:06 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-01-09 23:06 . 2009-01-09 23:06 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-01-09 23:06 . 2009-01-09 23:06 177,152 --a------ c:\windows\System32\mpg2splt.ax
2009-01-09 23:06 . 2009-01-09 23:06 80,896 --a------ c:\windows\System32\MSNP.ax
2009-01-09 23:06 . 2009-01-09 23:06 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-01-09 23:06 . 2009-01-09 23:06 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-01-09 23:05 . 2009-01-09 23:05 297,472 --a------ c:\windows\System32\gdi32.dll
2009-01-09 23:04 . 2009-01-09 23:04 1,060,920 --a------ c:\windows\System32\drivers\ntfs.sys
2009-01-09 23:04 . 2009-01-09 23:04 41,984 --a------ c:\windows\System32\drivers\monitor.sys
2009-01-09 23:01 . 2009-01-09 23:01 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-09 23:00 . 2009-01-09 23:00 374,456 --a------ c:\windows\System32\mcupdate_GenuineIntel.dll
2009-01-09 23:00 . 2009-01-09 23:00 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-01-09 22:59 . 2009-01-09 22:59 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-09 22:59 . 2009-01-09 22:59 1,687,040 --a------ c:\windows\System32\gameux.dll
2009-01-09 22:59 . 2009-01-09 22:59 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-01-09 22:58 . 2009-01-09 22:58 2,027,520 --a------ c:\windows\System32\win32k.sys
2009-01-09 22:58 . 2009-01-09 22:58 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-01-09 22:57 . 2009-01-09 22:57 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-01-09 22:57 . 2009-01-09 22:57 1,194,496 --a------ c:\windows\System32\msxml3.dll
2009-01-09 22:57 . 2009-01-09 22:57 356,864 --a------ c:\windows\System32\MediaMetadataHandler.dll
2009-01-09 22:57 . 2009-01-09 22:57 7,680 --a------ c:\windows\System32\spwmp.dll
2009-01-09 22:57 . 2009-01-09 22:57 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-01-09 22:57 . 2009-01-09 22:57 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-01-09 22:57 . 2009-01-09 22:57 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-01-09 22:56 . 2009-01-09 22:56 396,800 --a------ c:\windows\System32\MPSSVC.dll
2009-01-09 22:56 . 2009-01-09 22:56 392,192 --a------ c:\windows\System32\FirewallAPI.dll
2009-01-09 22:56 . 2009-01-09 22:56 178,688 --a------ c:\windows\System32\iphlpsvc.dll
2009-01-09 22:56 . 2009-01-09 22:56 86,016 --a------ c:\windows\System32\icfupgd.dll
2009-01-09 22:56 . 2009-01-09 22:56 63,488 --a------ c:\windows\System32\drivers\mpsdrv.sys
2009-01-09 22:56 . 2009-01-09 22:56 61,952 --a------ c:\windows\System32\cmifw.dll
2009-01-09 22:56 . 2009-01-09 22:56 23,040 --a------ c:\windows\System32\drivers\tunnel.sys
2009-01-09 22:56 . 2009-01-09 22:56 16,896 --a------ c:\windows\System32\wfapigp.dll
2009-01-09 22:56 . 2009-01-09 22:56 15,360 --a------ c:\windows\System32\drivers\TUNMP.SYS
2009-01-09 22:55 . 2009-01-09 22:55 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-09 22:51 . 2009-01-09 22:51 2,923,520 --a------ c:\windows\explorer.exe
2009-01-09 22:51 . 2009-01-09 22:51 211,000 --a------ c:\windows\System32\drivers\volsnap.sys
2009-01-09 22:51 . 2009-01-09 22:51 154,624 --a------ c:\windows\System32\drivers\nwifi.sys
2009-01-09 22:51 . 2009-01-09 22:51 109,624 --a------ c:\windows\System32\drivers\ataport.sys
2009-01-09 22:51 . 2009-01-09 22:51 45,112 --a------ c:\windows\System32\drivers\pciidex.sys
2009-01-09 22:51 . 2009-01-09 22:51 21,560 --a------ c:\windows\System32\drivers\atapi.sys
2009-01-09 22:51 . 2009-01-09 22:51 17,464 --a------ c:\windows\System32\drivers\intelide.sys
2009-01-09 22:48 . 2009-01-09 22:48 803,328 --a------ c:\windows\System32\drivers\tcpip.sys
2009-01-09 22:48 . 2009-01-09 22:48 216,632 --a------ c:\windows\System32\drivers\netio.sys
2009-01-09 22:48 . 2009-01-09 22:48 167,424 --a------ c:\windows\System32\tcpipcfg.dll
2009-01-09 22:48 . 2009-01-09 22:48 24,064 --a------ c:\windows\System32\netcfg.exe
2009-01-09 22:48 . 2009-01-09 22:48 22,016 --a------ c:\windows\System32\netiougc.exe
2009-01-09 22:47 . 2009-01-09 22:47 7,964,672 --a------ c:\windows\System32\NlsLexicons0024.dll
2009-01-09 22:47 . 2009-01-09 22:47 6,224,896 --a------ c:\windows\System32\NlsLexicons0027.dll
2009-01-09 22:47 . 2009-01-09 22:47 5,791,232 --a------ c:\windows\System32\NlsLexicons0026.dll
2009-01-09 22:47 . 2009-01-09 22:47 5,499,904 --a------ c:\windows\System32\NlsLexicons0022.dll
2009-01-09 22:47 . 2009-01-09 22:47 4,175,872 --a------ c:\windows\System32\NlsLexicons0010.dll
2009-01-09 22:47 . 2009-01-09 22:47 2,136,064 --a------ c:\windows\System32\NlsLexicons0021.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,808,896 --a------ c:\windows\System32\NlsLexicons0046.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,793,536 --a------ c:\windows\System32\NlsLexicons0045.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,782,272 --a------ c:\windows\System32\NlsLexicons0039.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,558,016 --a------ c:\windows\System32\NlsLexicons0049.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,411,072 --a------ c:\windows\System32\NlsLexicons0047.dll
2009-01-09 22:47 . 2009-01-09 22:47 1,236,992 --a------ c:\windows\System32\NlsLexicons0020.dll
2009-01-09 22:44 . 2009-01-09 22:44 1,585,664 --a------ c:\windows\System32\setupapi.dll
2009-01-09 22:42 . 2009-01-09 22:42 223,232 --a------ c:\windows\System32\WMASF.DLL
2009-01-09 22:42 . 2009-01-09 22:42 9,728 --a------ c:\windows\System32\LAPRXY.DLL
2009-01-09 22:42 . 2009-01-09 22:42 2,048 --a------ c:\windows\System32\asferror.dll
2009-01-09 22:41 . 2009-01-09 22:41 2,605,568 --a------ c:\windows\System32\SLsvc.exe
2009-01-09 22:41 . 2009-01-09 22:41 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2009-01-09 22:41 . 2009-01-09 22:41 566,784 --a------ c:\windows\System32\SLCommDlg.dll
2009-01-09 22:41 . 2009-01-09 22:41 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-01-09 22:41 . 2009-01-09 22:41 351,232 --a------ c:\windows\System32\SLUI.exe
2009-01-09 22:41 . 2009-01-09 22:41 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-01-09 22:41 . 2009-01-09 22:41 268,288 --a------ c:\windows\System32\mcbuilder.exe
2009-01-09 22:41 . 2009-01-09 22:41 223,232 --a------ c:\windows\System32\SLC.dll
2009-01-09 22:41 . 2009-01-09 22:41 186,368 --a------ c:\windows\System32\SLLUA.exe
2009-01-09 22:41 . 2009-01-09 22:41 57,856 --a------ c:\windows\System32\SLUINotify.dll
2009-01-09 22:41 . 2009-01-09 22:41 39,936 --a------ c:\windows\System32\slcinst.dll
2009-01-09 22:41 . 2009-01-09 22:41 33,280 --a------ c:\windows\System32\slwmi.dll
2009-01-09 22:40 . 2009-01-09 22:40 1,984,512 --a------ c:\windows\System32\authui.dll
2009-01-09 22:40 . 2009-01-09 22:40 269,824 --a------ c:\windows\System32\schannel.dll
2009-01-09 22:40 . 2009-01-09 22:40 220,160 --a------ c:\windows\System32\ntprint.dll
2009-01-09 22:40 . 2009-01-09 22:40 123,904 --a------ c:\windows\System32\msvfw32.dll
2009-01-09 22:40 . 2009-01-09 22:40 120,320 --a------ c:\windows\System32\dhcpcsvc6.dll
2009-01-09 22:40 . 2009-01-09 22:40 88,576 --a------ c:\windows\System32\avifil32.dll

AARG12
Intermediate
Posts : 65
Joined : 2008-12-31
Gender : Male
OS : Windows Vista


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:17 pm

2009-01-09 22:40 . 2009-01-09 22:40 82,944 --a------ c:\windows\System32\mciavi32.dll
2009-01-09 22:40 . 2009-01-09 22:40 65,024 --a------ c:\windows\System32\avicap32.dll
2009-01-09 22:40 . 2009-01-09 22:40 61,440 --a------ c:\windows\System32\ntprint.exe
2009-01-09 22:40 . 2009-01-09 22:40 10,240 --a------ c:\windows\System32\dhcpcmonitor.dll
2009-01-09 22:39 . 2009-01-09 22:39 8,138,240 --a------ c:\windows\System32\ssBranded.scr
2009-01-09 22:39 . 2009-01-09 22:39 441,856 --a------ c:\windows\System32\win32spl.dll
2009-01-09 22:39 . 2009-01-09 22:39 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-01-09 22:39 . 2009-01-09 22:39 83,968 --a------ c:\windows\System32\dnsrslvr.dll
2009-01-09 22:39 . 2009-01-09 22:39 69,632 --a------ c:\windows\System32\sendmail.dll
2009-01-09 22:39 . 2009-01-09 22:39 37,376 --a------ c:\windows\System32\printcom.dll
2009-01-09 22:39 . 2009-01-09 22:39 31,232 --a------ c:\windows\System32\msvidc32.dll
2009-01-09 22:39 . 2009-01-09 22:39 24,576 --a------ c:\windows\System32\dnscacheugc.exe
2009-01-09 22:39 . 2009-01-09 22:39 14,848 --a------ c:\windows\System32\wshrm.dll
2009-01-09 22:39 . 2009-01-09 22:39 12,800 --a------ c:\windows\System32\msrle32.dll
2009-01-09 22:39 . 2009-01-09 22:39 11,776 --a------ c:\windows\System32\sbunattend.exe
2009-01-09 22:34 . 2009-01-09 22:34 1,645,568 --a------ c:\windows\System32\connect.dll
2009-01-09 22:34 . 2009-01-09 22:34 737,792 --a------ c:\windows\System32\inetcomm.dll
2009-01-09 22:34 . 2009-01-09 22:34 84,480 --a------ c:\windows\System32\INETRES.dll
2009-01-09 22:33 . 2009-01-09 22:33 1,327,104 --a------ c:\windows\System32\quartz.dll
2009-01-09 22:32 . 2009-01-09 22:32 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe
2009-01-09 22:32 . 2009-01-09 22:32 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe
2009-01-09 22:32 . 2009-01-09 22:32 1,341,440 --a------ c:\windows\System32\msxml6.dll
2009-01-09 22:32 . 2009-01-09 22:32 2,048 --a------ c:\windows\System32\msxml6r.dll
2009-01-09 22:31 . 2009-01-09 22:31 750,080 --a------ c:\windows\System32\qmgr.dll
2009-01-07 20:11 . 2009-01-07 20:11 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-01-07 20:11 . 2009-01-07 20:11 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-01-07 20:11 . 2009-01-07 20:11 561,688 --a------ c:\windows\System32\wuapi.dll
2009-01-07 20:11 . 2009-01-07 20:11 83,456 --a------ c:\windows\System32\wudriver.dll
2009-01-07 20:11 . 2009-01-07 20:11 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-01-07 20:11 . 2009-01-07 20:11 43,544 --a------ c:\windows\System32\wups2.dll
2009-01-07 20:11 . 2009-01-07 20:11 34,328 --a------ c:\windows\System32\wups.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 11:02 --------- d-----w c:\program files\Windows Mail
2009-01-14 08:37 --------- d-----w c:\programdata\Sony Corporation
2009-01-10 08:30 174 --sha-w c:\program files\desktop.ini
2009-01-10 08:23 --------- d-----w c:\program files\Windows Sidebar
2009-01-10 08:23 --------- d-----w c:\program files\Windows Calendar
2009-01-10 08:21 --------- d-----w c:\program files\Apoint
2009-01-10 07:12 --------- d-----w c:\programdata\Microsoft Help
2009-01-10 07:09 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2009-01-10 07:09 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2009-01-10 07:09 542,720 ----a-w c:\windows\System32\sysmain.dll
2009-01-10 07:09 502,784 ----a-w c:\windows\System32\wlansvc.dll
2009-01-10 07:09 47,104 ----a-w c:\windows\System32\wlanapi.dll
2009-01-10 07:09 297,984 ----a-w c:\windows\System32\wlansec.dll
2009-01-10 07:09 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2009-01-10 07:09 28,344 ----a-w c:\windows\system32\drivers\battc.sys
2009-01-10 07:09 258,232 ----a-w c:\windows\system32\drivers\acpi.sys
2009-01-10 07:09 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2009-01-10 07:09 20,920 ----a-w c:\windows\system32\drivers\compbatt.sys
2009-01-10 07:09 14,208 ----a-w c:\windows\system32\drivers\CmBatt.sys
2009-01-10 06:59 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-10 06:59 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-10 06:59 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-10 06:59 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-10 06:59 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-10 06:59 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-10 06:49 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-10 06:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-10 06:49 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-10 06:43 944,184 ----a-w c:\windows\System32\winload.exe
2009-01-10 06:35 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-10 06:35 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-10 06:35 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-10 06:35 84,992 ----a-w c:\windows\system32\drivers\srvnet.sys
2009-01-10 06:35 788,992 ----a-w c:\windows\System32\rpcrt4.dll
2009-01-10 06:35 58,368 ----a-w c:\windows\system32\drivers\mrxsmb20.sys
2009-01-10 06:35 52,736 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-10 06:35 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-10 06:35 2,855,424 ----a-w c:\windows\System32\mf.dll
2009-01-10 06:35 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-10 06:35 148,992 ----a-w c:\windows\system32\drivers\ks.sys
2009-01-10 06:35 130,048 ----a-w c:\windows\system32\drivers\srv2.sys
2009-01-10 06:35 101,888 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2009-01-08 03:24 --------- d-----w c:\programdata\Symantec
2009-01-06 02:18 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 02:18 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 02:18 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 02:18 --------- d-----w c:\program files\Symantec
2009-01-02 03:58 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-02 03:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 03:57 --------- d-----w c:\program files\Sony
2008-12-31 06:49 --------- d-----w c:\program files\Common Files\AOL
2008-12-23 21:58 --------- d-----w c:\program files\Norton 360
2008-12-23 07:18 --------- d-----w c:\programdata\Intuit
2008-12-23 07:18 --------- d-----w c:\program files\Common Files\Intuit
2008-12-16 06:03 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-16 06:03 --------- d-----w c:\program files\Java
2008-12-16 05:29 --------- d-----w c:\users\Angel\AppData\Roaming\Symantec
2008-12-16 05:19 --------- d-----w c:\users\Angel\AppData\Roaming\Corel
2008-12-16 04:44 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-16 04:43 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-16 04:38 --------- d-----w c:\users\Angel\AppData\Roaming\Sony Corporation
2008-12-15 06:24 --------- d-sh--w c:\programdata\Templates
2008-12-15 06:24 --------- d-sh--w c:\programdata\Start Menu
2008-12-15 06:24 --------- d-sh--w c:\programdata\Favorites
2008-12-15 06:24 --------- d-sh--w c:\programdata\Documents
2008-12-15 06:24 --------- d-sh--w c:\programdata\Desktop
2008-12-15 06:24 --------- d-sh--w c:\programdata\Application Data
2008-12-15 05:19 0 ---ha-r c:\windows\system32\drivers\Sony_VGN-FZ240E.mrk
2008-12-15 04:55 --------- d-----w c:\program files\InterVideo
2008-12-15 04:55 --------- d-----w c:\program files\Common Files\InterVideo
2008-12-15 04:50 132,608 ----a-w c:\windows\system32\drivers\usbvideo.sys
2008-12-15 04:46 1,132,112 ----a-w c:\users\All Users\pswi_preloaded.exe
2008-12-15 04:46 1,132,112 ----a-w c:\programdata\pswi_preloaded.exe
2008-12-15 04:46 --------- d-----w c:\programdata\Corel
2008-12-15 04:46 --------- d-----w c:\program files\Corel
2008-12-15 04:45 --------- d-----w c:\program files\Common Files\Corel
2008-12-15 04:44 --------- d-----w c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-15 04:44 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-12-15 04:43 --------- d-----w c:\program files\Microsoft.NET
2008-12-15 04:38 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-15 04:38 --------- d-----w c:\program files\ArcSoft
2008-12-15 04:32 --------- d-----w c:\program files\Intuit
2008-12-15 04:32 --------- d-----w c:\program files\Common Files\supportsoft
2008-12-15 04:30 --------- d-----w c:\programdata\COMMON FILES
2008-12-15 04:24 --------- d-----w c:\program files\Microsoft Works


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:19 pm

.
((((((((((((((((((((((((((((( snapshot_2009-01-13_21.56.03.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-12 21:14:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-19 18:47:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-12 21:14:06 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-19 18:47:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-12 21:15:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-19 18:49:24 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-01-12 21:15:37 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-19 18:49:30 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-01-14 03:30:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-19 18:49:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-14 03:30:51 163,840 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-19 18:49:34 163,840 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-14 03:30:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-19 18:49:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-14 05:53:02 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-19 19:03:01 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-12-09 23:24:38 17,593,280 ----a-w c:\windows\System32\mrt.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe
- 2009-01-12 21:20:41 107,714 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-19 19:00:44 107,714 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-12 21:20:41 626,976 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-19 19:00:44 626,976 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-14 02:03:48 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-01-17 07:18:09 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-01-12 21:16:04 6,018 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
+ 2009-01-19 18:49:48 6,516 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712910195-2065108488-2920947175-1002_UserData.bin
- 2009-01-12 21:16:04 67,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-19 18:49:48 67,502 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-12 21:16:03 34,220 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-19 18:49:46 34,526 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:20 pm

- 2009-01-14 02:04:09 91,249 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-17 04:55:01 126,270,543 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2006-11-02 12:35:28 77,824 ----a-w c:\windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6001.18000_none_fdcbbc4906dd2f5d\ehiExtens.dll
+ 2009-01-10 06:44:37 19,456 ----a-w c:\windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18000_none_7244c43bbb913795\bthenum.sys
+ 2006-11-02 09:46:02 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\aelupsvc.dll
+ 2006-11-02 09:45:39 20,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\sdbinst.exe
+ 2006-11-02 09:46:13 111,104 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\shimeng.dll
+ 2006-11-02 07:11:38 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18000_none_0c223829f24c6bcd\AcRes.dll
+ 2006-11-02 09:46:02 38,912 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\acppage.dll
+ 2006-11-02 07:11:39 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\acprgwiz.dll
+ 2006-11-02 09:45:32 8,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\pcaelv.exe
+ 2006-11-02 09:45:32 7,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\pcalua.exe
+ 2006-11-02 09:45:32 14,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\pcaui.exe
+ 2006-11-02 12:34:33 30,208 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dmband.dll
+ 2006-11-02 12:34:33 62,976 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dmcompos.dll
+ 2006-11-02 12:34:33 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dmstyle.dll
+ 2006-11-02 12:34:33 20,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dswave.dll
+ 2006-11-02 09:46:05 52,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\mmci.dll
+ 2006-11-02 09:46:05 12,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\mmcico.dll
+ 2006-11-02 09:46:13 185,856 ----a-w c:\windows\winsxs\x86_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_6.0.6001.18000_none_c62871670779ffa4\SndVolSSO.dll
+ 2006-11-02 09:41:17 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6001.18000_none_175cb770bf6b8f77\netmsg.dll


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:21 pm

+ 2006-11-02 09:46:11 14,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6001.18000_none_175cb770bf6b8f77\netrap.dll
+ 2006-11-02 09:44:52 34,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-bth-user_31bf3856ad364e35_6.0.6001.18000_none_65193febd52e137a\bthudtask.exe
+ 2006-11-02 09:46:14 34,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-bth-user_31bf3856ad364e35_6.0.6001.18000_none_65193febd52e137a\wshbth.dll
+ 2006-11-02 09:46:02 41,984 ----a-w c:\windows\winsxs\x86_microsoft-windows-certutil_31bf3856ad364e35_6.0.6001.18000_none_b58507ed335c92cc\certenc.dll
+ 2006-11-02 09:46:03 7,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-base_31bf3856ad364e35_6.0.6001.18000_none_0dee367726857e43\comcat.dll
+ 2006-11-02 07:28:57 22,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-base_31bf3856ad364e35_6.0.6001.18000_none_0dee367726857e43\oleres.dll
+ 2006-11-02 09:46:02 23,552 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.0.6001.18000_none_59cabf11d4b18d8a\catsrvps.dll
+ 2006-09-18 21:27:45 61,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.0.6001.18000_none_59cabf11d4b18d8a\comempty.dat
+ 2006-11-02 09:46:11 7,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.0.6001.18000_none_59cabf11d4b18d8a\mtxex.dll
+ 2006-11-02 09:45:00 8,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.0.6001.18000_none_b0a7c3b54838915e\dcomcnfg.exe
+ 2006-09-18 21:27:12 19,429 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6001.18000_none_17df4ac2f2cf5440\msdtcvtr.bat
+ 2006-09-18 21:35:10 27,792 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\compobj.dll
+ 2006-11-02 09:39:39 3,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\iprop.dll
+ 2006-09-18 21:35:13 42,592 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\ole2.dll
+ 2006-09-18 21:35:14 169,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\ole2disp.dll
+ 2006-09-18 21:35:15 153,008 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\ole2nls.dll
+ 2006-09-18 21:35:15 4,208 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\storage.dll
+ 2006-09-18 21:35:15 177,856 ----a-w c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6001.18000_none_3f1ba507d2463833\typelib.dll
+ 2006-11-02 09:46:03 31,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-convert_31bf3856ad364e35_6.0.6001.18000_none_9cd54abba85233ff\cnvfat.dll
+ 2006-11-02 09:44:15 5,120 ----a-w c:\windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6001.18000_none_255246473e514737\wmi.dll
+ 2006-11-02 09:44:59 19,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-corruptedfilerecovery_31bf3856ad364e35_6.0.6001.18000_none_87b9b7e028c74e65\cofire.exe
+ 2006-11-02 09:45:20 36,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.0.6001.18000_none_ed313ee5721aa9bc\IMJPUEX.EXE
+ 2006-11-02 09:46:05 11,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.0.6001.18000_none_3a8c422a9f3101c4\padrs404.dll
+ 2006-11-02 09:46:05 11,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.0.6001.18000_none_3a8c422a9f3101c4\padrs804.dll
+ 2006-11-02 09:46:13 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6001.18000_none_cedd4665f13650d7\w32topl.dll
+ 2006-11-02 09:46:05 4,608 ----a-w c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.0.6001.18000_none_e8019c5c974c4491\ksuser.dll
+ 2006-11-02 12:36:25 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6001.18000_none_b6798caa9a04157b\dfsrres.dll
+ 2006-11-02 09:46:03 10,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcmonitor.dll
+ 2006-11-02 09:46:05 36,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-directshow-other_31bf3856ad364e35_6.0.6001.18000_none_0d5187f9e0ba9013\mciqtz32.dll
+ 2006-11-02 09:46:03 593,920 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-direct3d_31bf3856ad364e35_6.0.6001.18000_none_eb4e0e435578fd76\d3dramp.dll
+ 2006-11-02 09:46:03 11,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\d3d8thk.dll
+ 2006-11-02 09:46:03 30,208 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd\ddrawex.dll
+ 2006-11-02 12:34:30 136,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.0.6001.18000_none_1d981a3c0baebdc7\dinput.dll
+ 2006-11-02 12:34:30 120,832 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.0.6001.18000_none_1d981a3c0baebdc7\gcdef.dll
+ 2006-11-02 12:34:30 36,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-directinput_31bf3856ad364e35_6.0.6001.18000_none_1d981a3c0baebdc7\pid.dll
+ 2006-11-02 09:03:41 3,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnaddr.dll
+ 2006-11-02 09:46:04 56,832 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnathlp.dll
+ 2006-11-02 09:46:04 7,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnhpast.dll
+ 2006-11-02 09:46:04 7,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnhupnp.dll
+ 2006-11-02 09:03:41 3,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnlobby.dll
+ 2006-11-02 09:45:03 23,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnsvr.exe
+ 2006-11-02 09:39:16 536,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-diskmanagement_31bf3856ad364e35_6.0.6001.18000_none_0197b5b76fbd3f60\dmdskres.dll
+ 2006-11-02 09:46:03 23,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-diskmanagement_31bf3856ad364e35_6.0.6001.18000_none_0197b5b76fbd3f60\dmintf.dll
+ 2006-09-18 21:39:30 215,943 ----a-w c:\windows\winsxs\x86_microsoft-windows-dssec_31bf3856ad364e35_6.0.6001.18000_none_5a65d782fc87d29e\dssec.dat
+ 2009-01-10 07:06:35 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18000_none_3429e869d9fa322b\McrMgr.dll
+ 2006-11-02 12:35:32 21,504 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6001.18000_none_2fddb7218242099b\ehdebug.dll
+ 2006-11-02 12:35:33 16,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehssetup_31bf3856ad364e35_6.0.6001.18000_none_91c1b8b7b69b880e\ehssetup.dll
+ 2006-11-02 09:46:11 15,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-font-registrysettings_31bf3856ad364e35_6.0.6001.18000_none_95b1533bb11caa04\muifontsetup.dll
+ 2006-11-02 09:46:02 34,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\atmlib.dll
+ 2006-11-02 09:46:03 10,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\dciman32.dll
+ 2006-11-02 09:46:05 158,208 ----a-w c:\windows\winsxs\x86_microsoft-windows-htmlhelp-infotech_31bf3856ad364e35_6.0.6001.18000_none_f6a3ed1413ba3d1f\itircl.dll
+ 2006-11-02 09:45:13 14,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-htmlhelp_31bf3856ad364e35_6.0.6001.18000_none_c855f6b284bc7b14\hh.exe
+ 2006-11-02 09:46:05 43,008 ----a-w c:\windows\winsxs\x86_microsoft-windows-htmlhelp_31bf3856ad364e35_6.0.6001.18000_none_c855f6b284bc7b14\hhsetup.dll


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:23 pm

+ 2006-11-02 09:46:05 58,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6001.18000_none_fb2914a7fb7f05d4\IMTCDIC.dll
+ 2006-11-02 07:33:43 19,991,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6001.18000_none_fb2914a7fb7f05d4\MSHWCHTR.dll
+ 2006-11-02 09:45:17 144,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045\iscsicli.exe
+ 2006-11-02 09:46:05 49,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045\iscsidsc.dll
+ 2006-11-02 12:36:18 120,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..integration-support_31bf3856ad364e35_6.0.6001.18000_none_2834ca37a387d4a3\idq.dll
+ 2006-11-02 06:58:59 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18000_none_15475676099210e3\tzres.dll
+ 2009-01-10 06:55:31 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18000_none_15475676099210e3\tzupd.exe
+ 2006-11-02 09:46:13 32,256 ----a-w c:\windows\winsxs\x86_microsoft-windows-icm-base_31bf3856ad364e35_6.0.6001.18000_none_22c7ea5489633945\WcsPlugInService.dll
+ 2006-11-02 09:44:59 84,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-icm-ui_31bf3856ad364e35_6.0.6001.18000_none_3a58b76aa0cf669e\colorcpl.exe
+ 2006-11-02 09:46:05 21,504 ----a-w c:\windows\winsxs\x86_microsoft-windows-icm-ui_31bf3856ad364e35_6.0.6001.18000_none_3a58b76aa0cf669e\icmui.dll
+ 2006-11-02 12:34:31 15,616 ----a-w c:\windows\winsxs\x86_microsoft-windows-identitycrl_31bf3856ad364e35_6.0.6001.18000_none_518dd3eb3e5e6f23\ppcrlconfig.dll
+ 2006-11-02 12:34:31 254,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-identitycrl_31bf3856ad364e35_6.0.6001.18000_none_518dd3eb3e5e6f23\ppcrlui.dll
+ 2006-11-02 09:39:30 161,792 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18000_none_ae3221cd06c5e98c\ieakui.dll
+ 2009-01-10 06:49:25 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.18000_none_fb9216576bbe8c39\ieapfltr.dat
+ 2006-11-02 07:33:30 48,128 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18000_none_f36d8680ba269c41\mshtmler.dll
+ 2006-11-02 09:45:13 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\ieUnatt.exe
+ 2006-11-02 09:46:05 16,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runoncessetup_31bf3856ad364e35_6.0.6001.18000_none_88eec871cb19b965\iessetup.dll
+ 2009-01-10 06:49:07 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18000_none_47a3aa598c843043\sqmapi.dll
+ 2009-01-10 06:49:13 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18000_none_64a26c9fae1f0949\ieui.dll
+ 2006-11-02 12:36:24 98,133 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_7e466ce97736febd\adsutil.vbs
+ 2006-11-02 12:36:24 4,346 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_7e466ce97736febd\clusftp.vbs
+ 2006-11-02 12:36:24 4,341 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_7e466ce97736febd\clusweb.vbs
+ 2006-11-02 12:36:24 41,401 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_7e466ce97736febd\IIsExt.vbs
+ 2006-11-02 12:36:24 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6001.18000_none_8120d407b205fdca\iismui.dll
+ 2006-11-02 12:36:24 22,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6001.18000_none_8120d407b205fdca\InetMgr6.exe
+ 2006-11-02 12:36:21 16,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-metabase_31bf3856ad364e35_6.0.6001.18000_none_3931f7d521f321a6\infoadmn.dll
+ 2006-11-02 12:36:21 9,728 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-metabase_31bf3856ad364e35_6.0.6001.18000_none_3931f7d521f321a6\infoctrs.dll
+ 2006-11-02 12:36:21 19,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-metabase_31bf3856ad364e35_6.0.6001.18000_none_3931f7d521f321a6\iscomlog.dll
+ 2006-11-02 12:36:21 7,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-metabase_31bf3856ad364e35_6.0.6001.18000_none_3931f7d521f321a6\rpcref.dll
+ 2006-11-02 12:36:19 8,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18000_none_10e972c4b4d2574c\iisrstap.dll
+ 2006-11-02 12:36:20 10,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18000_none_10e972c4b4d2574c\wamregps.dll
+ 2006-11-02 07:15:56 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6001.18000_none_037a7e2bb384bf01\msimsg.dll
+ 2006-11-02 08:33:06 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6001.18000_none_e9aa6488d9c10036\normaliz.dll
+ 2006-11-02 09:46:11 10,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-lpksetup_31bf3856ad364e35_6.0.6001.18000_none_215961096c78771c\MUILanguageCleanup.dll
+ 2006-11-02 09:46:09 323,584 ----a-w c:\windows\winsxs\x86_microsoft-windows-m..-components-jet2x3x_31bf3856ad364e35_6.0.6001.18000_none_e79f2d93ba6ffee6\msrd2x40.dll
+ 2006-11-02 12:35:27 8,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_6.0.6001.18000_none_e309c7bbe82e39d1\mqsvc.exe
+ 2006-11-02 09:46:06 413,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-m..onents-jetexchlotus_31bf3856ad364e35_6.0.6001.18000_none_c33bb5404d731490\msexch40.dll
+ 2006-11-02 12:35:09 3,295,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.0.6001.18000_none_ba7b16e99455464b\MIGUIImg.dll
+ 2006-11-02 12:35:09 82,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.0.6001.18000_none_ba7b16e99455464b\MIGUIRes.dll
+ 2006-11-02 12:34:36 24,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\DirectDB.dll
+ 2009-01-10 06:34:16 84,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18000_none_79b12a6a588ca469\INETRES.dll
+ 2006-11-02 12:34:36 2,836,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18000_none_587ec186254a22ac\MSOERES.dll
+ 2006-11-02 07:28:10 39,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-mail-core_31bf3856ad364e35_6.0.6001.18000_none_e9286d318a269033\ACCTRES.dll
+ 2006-11-02 12:35:51 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18000_none_9c5f2f3c0cc1aa83\mferror.dll
+ 2009-01-10 06:35:22 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18000_none_9c5f2f3c0cc1aa83\mfpmp.exe
+ 2009-01-10 06:35:23 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18000_none_9c5f2f3c0cc1aa83\mfps.dll
+ 2009-01-10 06:35:23 53,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18000_none_9c5f2f3c0cc1aa83\rrinstaller.exe
+ 2006-11-02 12:35:54 16,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-ssetup_31bf3856ad364e35_6.0.6001.18000_none_13b1244660e5fd4e\wmssetup.dll
+ 2006-11-02 12:35:57 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6001.18000_none_a7b5f0a040680d4c\asferror.dll
+ 2006-11-02 12:35:57 9,728 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6001.18000_none_a7b5f0a040680d4c\LAPRXY.DLL
+ 2006-11-02 12:35:09 9,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-migrationengine_31bf3856ad364e35_6.0.6001.18000_none_58a7d7b2db3ffcd4\migres.dll
+ 2006-09-18 21:33:22 673,088 ----a-w c:\windows\winsxs\x86_microsoft-windows-mlang_31bf3856ad364e35_6.0.6001.18000_none_56df4b78e3fe4e3f\mlang.dat
+ 2006-11-02 12:36:06 150,016 ----a-w c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18000_none_f261ec400d1da6d8\MOVIEMK.exe
+ 2006-11-02 12:36:05 23,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18000_none_f261ec400d1da6d8\WMM2EXT.dll
+ 2006-11-02 09:40:16 145,920 ----a-w c:\windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6001.18000_none_c7427a4e786d74bc\msaudite.dll
+ 2006-11-02 12:35:28 13,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-msmq-admin_31bf3856ad364e35_6.0.6001.18000_none_b74e019e3d6c64b6\mqcertui.dll
+ 2009-01-10 06:57:46 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18000_none_886e409a96d6223c\msxml3r.dll
+ 2009-01-10 06:32:20 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18000_none_886dfc4296d66f1f\msxml6r.dll
+ 2006-11-02 09:46:10 34,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.0.6001.18000_none_e1e971f061eb63bb\MSTTSCommon.dll
+ 2006-11-02 09:46:10 47,104 ----a-w c:\windows\winsxs\x86_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.0.6001.18000_none_e1e971f061eb63bb\MSTTSDecWrp.dll
+ 2006-11-02 09:46:10 8,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.0.6001.18000_none_e1e971f061eb63bb\MSTTSLoc.dll
+ 2009-01-10 07:11:32 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18000_none_440e77d1ec053e6c\FwRemoteSvr.dll
+ 2009-01-10 07:11:32 272,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18000_none_440e77d1ec053e6c\polstore.dll
+ 2009-01-10 07:11:32 61,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18000_none_440e77d1ec053e6c\winipsec.dll
+ 2006-11-02 09:46:11 11,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-n..iagnosticsframework_31bf3856ad364e35_6.0.6001.18000_none_dc5ac24ae0ca36fc\ndproxystub.dll
+ 2006-11-02 12:34:31 268,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-nap-oobsha_31bf3856ad364e35_6.0.6001.18000_none_93e3b78243a9d8c2\msshavmsg.dll


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:24 pm

+ 2009-01-10 06:45:37 1,523,712 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0000.dll
+ 2009-01-10 06:45:36 2,599,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0001.dll
+ 2009-01-10 06:45:36 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0002.dll
+ 2009-01-10 06:45:35 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0003.dll
+ 2009-01-10 06:45:35 2,243,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0007.dll
+ 2009-01-10 06:45:34 4,875,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0009.dll
+ 2009-01-10 06:45:31 9,847,296 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData000a.dll
+ 2009-01-10 06:45:30 2,643,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData000c.dll
+ 2009-01-10 06:45:30 2,342,912 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData000d.dll
+ 2009-01-10 06:45:30 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData000f.dll
+ 2009-01-10 06:45:38 4,495,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0010.dll
+ 2009-01-10 06:45:38 2,657,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0011.dll
+ 2009-01-10 06:45:37 3,466,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0013.dll
+ 2009-01-10 06:45:37 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0018.dll
+ 2009-01-10 06:45:36 4,497,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0019.dll
+ 2009-01-10 06:45:32 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData001a.dll
+ 2009-01-10 06:45:32 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData001b.dll
+ 2009-01-10 06:45:31 4,495,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData001d.dll
+ 2009-01-10 06:45:39 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0020.dll
+ 2009-01-10 06:45:39 1,801,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0021.dll
+ 2009-01-10 06:45:39 1,801,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0022.dll
+ 2009-01-10 06:45:39 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0024.dll
+ 2009-01-10 06:45:38 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0026.dll
+ 2009-01-10 06:45:38 1,966,592 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0027.dll
+ 2009-01-10 06:45:32 1,801,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData002a.dll
+ 2009-01-10 06:45:40 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0039.dll
+ 2009-01-10 06:45:33 1,801,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData003e.dll
+ 2009-01-10 06:45:41 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0045.dll
+ 2009-01-10 06:45:41 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0046.dll
+ 2009-01-10 06:45:40 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0047.dll
+ 2009-01-10 06:45:40 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0049.dll
+ 2009-01-10 06:45:34 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData004a.dll
+ 2009-01-10 06:45:33 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData004b.dll
+ 2009-01-10 06:45:33 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData004c.dll
+ 2009-01-10 06:45:33 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData004e.dll
+ 2009-01-10 06:45:30 4,495,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0414.dll
+ 2009-01-10 06:45:29 4,495,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0416.dll
+ 2009-01-10 06:45:28 4,495,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0816.dll
+ 2009-01-10 06:45:28 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData081a.dll
+ 2009-01-10 06:45:27 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0c1a.dll
+ 2006-11-02 08:21:55 11,722,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0001.dll
+ 2006-11-02 08:22:34 4,164,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0002.dll
+ 2006-11-02 08:22:13 1,452,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0003.dll
+ 2006-11-02 08:22:07 12,038,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0007.dll
+ 2006-11-02 08:22:05 2,628,608 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0009.dll
+ 2006-11-02 08:22:11 9,892,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons000a.dll
+ 2006-11-02 08:22:06 6,237,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons000c.dll
+ 2006-11-02 08:22:09 1,722,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons000d.dll
+ 2006-11-02 08:22:17 5,654,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons000f.dll
+ 2006-11-02 08:22:18 4,175,872 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0010.dll
+ 2006-11-02 08:22:10 2,466,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0011.dll
+ 2006-11-02 08:21:58 4,981,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0013.dll
+ 2006-11-02 08:22:25 3,331,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0018.dll
+ 2006-11-02 08:22:26 6,781,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0019.dll
+ 2006-11-02 08:22:14 6,014,976 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons001a.dll
+ 2006-11-02 08:22:47 6,585,856 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons001b.dll
+ 2006-11-02 08:22:31 6,346,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons001d.dll
+ 2006-11-02 08:22:45 1,236,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0020.dll
+ 2006-11-02 08:22:12 2,136,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0021.dll
+ 2006-11-02 08:22:44 5,499,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0022.dll
+ 2006-11-02 08:22:49 7,964,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0024.dll
+ 2006-11-02 08:22:42 5,791,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0026.dll
+ 2006-11-02 08:22:19 6,224,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0027.dll
+ 2006-11-02 08:22:41 4,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons002a.dll
+ 2006-11-02 08:22:16 1,782,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0039.dll
+ 2006-11-02 08:22:20 4,045,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons003e.dll
+ 2006-11-02 08:22:33 1,793,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0045.dll
+ 2006-11-02 08:22:25 1,808,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0046.dll
+ 2006-11-02 08:22:15 1,411,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0047.dll
+ 2006-11-02 08:22:39 1,558,016 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0049.dll
+ 2006-11-02 08:22:39 3,419,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004a.dll
+ 2006-11-02 08:22:36 1,702,912 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004b.dll
+ 2006-11-02 08:22:46 4,093,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004c.dll
+ 2006-11-02 08:22:37 1,972,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004e.dll
+ 2006-11-02 08:22:21 4,616,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0414.dll
+ 2006-11-02 08:22:24 5,090,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0416.dll
+ 2006-11-02 08:22:22 5,031,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0816.dll


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:24 pm

+ 2006-11-02 08:22:29 7,042,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons081a.dll
+ 2006-11-02 08:22:27 6,917,120 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0c1a.dll
+ 2006-11-02 08:21:54 5,071,872 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsModels0011.dll
+ 2006-11-02 09:41:16 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6001.18000_none_5232518072770fdb\neth.dll
+ 2006-11-02 09:46:14 11,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b82a6b1f4ec0\wshnetbs.dll
+ 2006-09-19 11:41:49 2,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_24.bin
+ 2006-09-19 11:41:49 4,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_32.bin
+ 2006-09-19 11:41:49 9,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_48.bin
+ 2006-09-19 11:41:49 2,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_24.bin
+ 2006-09-19 11:41:49 4,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_32.bin
+ 2006-09-19 11:41:49 9,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_48.bin
+ 2006-09-19 11:41:49 2,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_24.bin
+ 2006-09-19 11:41:49 4,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_32.bin
+ 2006-09-19 11:41:49 9,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_48.bin
+ 2006-11-02 09:46:02 24,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\brdgcfg.dll
+ 2006-11-02 07:38:48 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\bridgeres.dll
+ 2006-11-02 09:46:11 11,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_none_789b515a7625c7d5\nlmsprep.dll
+ 2006-11-02 09:46:12 16,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_none_789b515a7625c7d5\npmproxy.dll
+ 2006-11-02 12:36:04 51,712 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkprojection_31bf3856ad364e35_6.0.6001.18000_none_e3c78331f0bd2d51\CRPPresentation.dll
+ 2006-11-02 12:36:04 89,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkprojection_31bf3856ad364e35_6.0.6001.18000_none_e3c78331f0bd2d51\NetProj.exe
+ 2006-11-02 07:38:59 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6001.18000_none_d155f734fa7d6b4f\lltdres.dll
+ 2006-11-02 09:45:30 74,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6001.18000_none_11764b5450a917b3\newdev.exe
+ 2006-11-02 07:09:42 9,029 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ANSI.SYS
+ 2006-11-02 07:09:49 12,498 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\append.exe
+ 2006-11-02 07:10:16 10,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMM.drv
+ 2006-11-02 07:09:49 50,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMMAND.COM
+ 2006-11-02 07:10:28 32,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMMDLG.DLL
+ 2006-11-02 07:09:45 27,097 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\country.sys
+ 2006-09-18 21:43:37 27,200 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ctl3dv2.dll
+ 2006-11-02 07:10:32 39,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\DDEML.DLL
+ 2006-11-02 07:09:52 20,634 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\debug.exe
+ 2006-11-02 07:10:37 53,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\dosx.exe
+ 2006-11-02 07:10:29 28,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\DRWATSON.EXE
+ 2006-09-18 21:43:40 69,886 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\edit.com
+ 2006-11-02 07:09:50 12,642 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\edlin.exe
+ 2006-11-02 07:09:51 8,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\exe2bin.exe
+ 2006-11-02 07:10:13 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\GDI.EXE
+ 2006-11-02 07:09:59 19,694 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\GRAPHICS.COM
+ 2006-11-02 07:09:41 4,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\HIMEM.SYS
+ 2006-11-02 07:09:57 14,710 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KB16.COM
+ 2006-11-02 07:09:44 42,809 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KEY01.SYS
+ 2006-11-02 07:10:15 2,000 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\keyboard.drv
+ 2006-11-02 07:09:44 42,537 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KEYBOARD.SYS
+ 2006-11-02 07:10:07 92,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\krnl386.exe
+ 2006-09-18 21:43:37 221,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\lanman.drv
+ 2006-09-18 21:43:37 9,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\lzexpand.dll
+ 2006-11-02 07:09:55 39,274 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\mem.exe
+ 2006-11-02 07:10:21 68,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\MMSYSTEM.DLL
+ 2006-11-02 07:10:18 2,032 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\mouse.drv
+ 2006-09-18 21:43:37 108,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\netapi.dll
+ 2006-11-02 07:09:56 7,052 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\nlsfunc.exe
+ 2006-11-02 07:09:29 27,866 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS.SYS
+ 2006-11-02 07:09:35 29,146 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS404.SYS
+ 2006-11-02 07:09:38 29,370 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS411.SYS
+ 2006-11-02 07:09:40 29,274 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS412.SYS
+ 2006-11-02 07:09:31 29,146 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS804.SYS
+ 2006-11-02 07:09:20 33,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO.SYS
+ 2006-11-02 07:09:23 34,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO404.SYS
+ 2006-11-02 07:09:24 35,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO411.SYS
+ 2006-11-02 07:09:26 35,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO412.SYS
+ 2006-11-02 07:09:22 34,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO804.SYS
+ 2006-11-02 09:46:12 14,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ntvdmd.dll
+ 2006-09-18 21:43:37 82,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\olecli.dll
+ 2006-11-02 07:10:34 24,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\OLESVR.DLL
+ 2006-09-18 21:43:37 46,592 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\pmspl.dll
+ 2006-11-02 07:10:00 2,842 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\redir.exe
+ 2006-11-02 07:09:53 11,753 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\setver.exe
+ 2006-11-02 07:10:14 5,120 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\SHELL.DLL
+ 2006-11-02 07:10:16 1,744 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\sound.drv
+ 2006-09-18 21:43:37 18,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\sysedit.exe
+ 2006-11-02 07:10:14 3,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\system.drv
+ 2006-11-02 07:10:26 4,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\TIMER.DRV
+ 2006-11-02 07:10:25 13,888 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\TOOLHELP.DLL


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:25 pm

+ 2006-11-02 07:10:12 47,840 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\USER.EXE
+ 2006-09-18 21:43:37 9,008 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ver.dll
+ 2006-11-02 07:10:17 2,176 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\vga.drv
+ 2006-11-02 07:10:30 12,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WFWNET.DRV
+ 2006-11-02 07:10:35 9,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WIFEMAN.DLL
+ 2006-11-02 08:35:53 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\win.com
+ 2006-09-18 21:43:37 13,312 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\win87em.dll
+ 2006-09-18 21:43:37 256,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\winhelp.exe
+ 2006-11-02 07:10:35 5,120 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINNLS.DLL
+ 2006-11-02 07:10:22 2,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSPOOL.EXE
+ 2006-11-02 07:10:27 2,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WOWDEB.EXE
+ 2006-11-02 07:10:24 8,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WOWEXEC.EXE
+ 2008-12-08 23:22:10 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16787_none_f052600a6e8e5046\OESpamFilter.dat
+ 2008-12-08 23:23:32 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20972_none_f0e1cd3587a85293\OESpamFilter.dat
+ 2008-12-09 23:54:42 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18182_none_f2339d3e6bb96284\OESpamFilter.dat
+ 2008-12-09 23:55:37 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22327_none_f3031ce984a1d682\OESpamFilter.dat
+ 2006-11-02 09:45:33 60,416 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.0.6001.18000_none_d6543f9ff5ec4aec\printui.exe
+ 2006-11-02 09:45:02 17,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\diskperf.exe
+ 2006-11-02 09:45:35 37,376 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\relog.exe
+ 2006-11-02 09:45:49 39,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\typeperf.exe
+ 2009-01-10 06:39:40 37,888 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18000_none_39733ab970ea03f2\printcom.dll
+ 2006-11-02 09:46:12 39,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfctrs.dll
+ 2006-11-02 09:46:12 31,744 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfdisk.dll
+ 2006-11-02 09:46:12 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfos.dll
+ 2006-11-02 09:46:12 35,840 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfproc.dll
+ 2006-11-02 09:45:31 61,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6001.18000_none_f0037a3c7d6c36a4\ntprint.exe
+ 2006-11-02 09:45:32 7,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\plasrv.exe
+ 2006-11-02 12:36:18 20,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\lprmon.dll
+ 2006-11-02 12:36:18 11,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\lprmonui.dll
+ 2006-11-02 12:35:39 1,486,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.18000_none_aa47d5c4002219b8\WinCollabRes.dll
+ 2009-01-10 06:43:31 30,674 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfc.dat
+ 2009-01-10 06:43:31 30,674 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfd.dat
+ 2009-01-10 06:43:31 287,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfh.dat
+ 2009-01-10 06:43:31 287,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfi.dat
+ 2006-11-02 09:42:44 17,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\prflbmsg.dll
+ 2006-11-02 12:35:38 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpperf.dll
+ 2006-11-02 09:45:32 13,312 ----a-w c:\windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\PATHPING.EXE
+ 2006-11-02 09:45:49 12,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\TRACERT.EXE
+ 2006-11-02 09:46:12 15,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\pacerprf.dll
+ 2006-11-02 09:46:13 33,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\traffic.dll
+ 2006-11-02 09:46:14 13,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\wshqos.dll
+ 2006-11-02 12:36:25 7,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\mll_hp.dll
+ 2006-11-02 12:36:25 17,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmsevt.dll
+ 2006-11-02 12:36:25 43,008 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsm.exe
+ 2006-11-02 12:36:25 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmmllsv.exe
+ 2006-11-02 12:36:25 22,016 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmsink.exe
+ 2006-11-02 12:36:25 54,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmui.exe
+ 2006-11-02 09:46:12 10,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasadhlp.dll
+ 2006-11-02 09:45:34 16,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasautou.exe
+ 2006-11-02 09:46:12 32,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\rasmxs.dll
+ 2006-11-02 09:46:12 22,016 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\rasser.dll
+ 2006-11-02 09:45:34 16,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasclienttools_31bf3856ad364e35_6.0.6001.18000_none_6f46cfc8a8b142a0\rasdial.exe
+ 2006-11-02 09:46:12 36,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18000_none_0d159410ea7a8f9d\rtutils.dll


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:25 pm

+ 2006-11-02 09:46:02 13,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\clb.dll
+ 2006-11-02 09:45:35 9,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedt32.exe
+ 2006-11-02 12:35:24 40,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.0.6001.18000_none_3758172c01e5ce47\racpldlg.dll
+ 2006-11-02 09:45:37 14,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-restartmanager_31bf3856ad364e35_6.0.6001.18000_none_803567cb241e9c20\RmClient.exe
+ 2009-01-10 06:39:32 14,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18000_none_547dcc3187eaff70\wshrm.dll
+ 2006-11-02 09:46:03 10,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_6.0.6001.18000_none_17d3c60709ecb009\dfrgifps.dll
+ 2006-11-02 12:35:38 12,555,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..inboxgames-shanghai_31bf3856ad364e35_6.0.6001.18000_none_c0a3fbb5ef29fe27\Mahjong.dll
+ 2006-11-02 12:35:37 29,001,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..iuminboxgames-chess_31bf3856ad364e35_6.0.6001.18000_none_74d4a1cd7e673a2e\Chess.dll
+ 2006-11-02 12:35:35 4,305,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..oxgames-minesweeper_31bf3856ad364e35_6.0.6001.18000_none_a2611d5c392f48a1\MineSweeper.dll
+ 2006-11-02 12:35:36 28,665,856 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.0.6001.18000_none_062b7e7afe71e492\PurblePlace.dll
+ 2006-11-02 12:35:35 8,384,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.0.6001.18000_none_062b7e7afe71e492\PurblePlace2.dll
+ 2006-11-02 09:46:12 42,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4\pstorec.dll
+ 2006-11-02 09:46:12 23,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4\pstorsvc.dll
+ 2006-11-02 09:46:14 8,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-session0viewer_31bf3856ad364e35_6.0.6001.18000_none_e1e6e80246adfe72\WlS0WndH.dll
+ 2006-11-02 09:43:11 2,928,640 ----a-w c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6001.18000_none_322c7e4ead424897\W32UIImg.dll
+ 2006-11-02 09:46:13 4,608 ----a-w c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll
+ 2006-11-02 12:35:15 66,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_cedcabbd26a81ad6\sbdrop.dll
+ 2006-11-02 09:46:12 66,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-smartcardsubsystem_31bf3856ad364e35_6.0.6001.18000_none_17fd3fa469f2e862\SCardDlg.dll
+ 2008-12-16 03:14:37 290,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16789_none_d7c3afd4f985c7a2\srv.sys
+ 2008-12-16 03:07:02 290,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20976_none_d8551d94129dfc9d\srv.sys
+ 2008-12-16 02:42:39 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18185_none_d9a5ed52f6aff337\srv.sys
+ 2008-12-16 01:53:56 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22331_none_da619a780fa89f17\srv.sys
+ 2006-11-02 09:46:13 9,728 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver_31bf3856ad364e35_6.0.6001.18000_none_f8f4e8f8eadb7d91\sscore.dll
+ 2006-11-02 09:45:46 12,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-snmp-trap-service_31bf3856ad364e35_6.0.6001.18000_none_cf8afedd3f67da88\snmptrap.exe
+ 2006-11-02 12:34:32 16,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.0.6001.18000_none_1c09f00b4bcc9fbc\SpeechUXPS.DLL
+ 2006-11-02 09:46:13 151,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-sqlliteoledb_31bf3856ad364e35_6.0.6001.18000_none_be7f06c980d3ea88\sqlceoledb30.dll
+ 2006-11-02 09:39:30 3,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_6.0.6001.18000_none_ea70eae59b4e2b12\icmp.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penchs.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pencht.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penjpn.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penkor.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penusa.dll
+ 2006-11-02 09:45:32 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pipanel.exe
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pipres.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\skchobj.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\skchui.dll
+ 2006-11-02 12:35:47 19,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6001.18000_none_4264ef6a4d057d2c\jnwmon.dll
+ 2006-11-02 12:35:47 22,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6001.18000_none_4264ef6a4d057d2c\jnwppr.dll
+ 2006-11-02 12:35:47 47,104 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6001.18000_none_4264ef6a4d057d2c\PDIALOG.exe
+ 2006-11-02 12:35:44 1,495,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-chs_31bf3856ad364e35_6.0.6001.18000_none_fd484d54658ae209\chslm.lex.bin
+ 2006-11-02 12:35:44 10,335,843 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-chs_31bf3856ad364e35_6.0.6001.18000_none_fd484d54658ae209\chslm.wdic2.bin
+ 2006-11-02 12:35:44 21,963,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-chs_31bf3856ad364e35_6.0.6001.18000_none_fd484d54658ae209\mshwchsr.dll
+ 2006-11-02 12:35:46 2,187,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-cht_31bf3856ad364e35_6.0.6001.18000_none_fd48368c658afbaa\chtlm.lex.bin
+ 2006-11-02 12:35:45 11,300,913 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-cht_31bf3856ad364e35_6.0.6001.18000_none_fd48368c658afbaa\chtlm.wdic2.bin
+ 2006-11-02 12:35:45 19,991,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-cht_31bf3856ad364e35_6.0.6001.18000_none_fd48368c658afbaa\mshwchtr.dll
+ 2006-11-02 12:35:47 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6001.18000_none_3fac12f5c6543548\IPSEventLogMsg.dll
+ 2006-11-02 12:35:47 19,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6001.18000_none_3fac12f5c6543548\TabIpsps.dll
+ 2006-11-02 12:35:48 19,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6001.18000_none_4d983a117ea4cea6\jnwmon.dll
+ 2006-11-02 12:35:48 22,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6001.18000_none_4d983a117ea4cea6\jnwppr.dll
+ 2006-11-02 12:35:24 68,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..platform-input-core_31bf3856ad364e35_6.0.6001.18000_none_d1104c78dccde5fe\TabSvc.dll
+ 2006-11-02 12:35:24 2,073,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..platform-input-core_31bf3856ad364e35_6.0.6001.18000_none_d1104c78dccde5fe\TouchX.dll


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:26 pm

+ 2006-11-02 12:35:40 13,577,657 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..reinkrecognition.ja_31bf3856ad364e35_6.0.6001.18000_none_03ed68ae2c4994ef\dicjp.bin
+ 2006-11-02 12:35:41 8,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..reinkrecognition.ja_31bf3856ad364e35_6.0.6001.18000_none_03ed68ae2c4994ef\dicjp.dll
+ 2006-11-02 12:35:40 21,462,016 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..reinkrecognition.ja_31bf3856ad364e35_6.0.6001.18000_none_03ed68ae2c4994ef\mshwjpnr.dll
+ 2006-11-02 12:35:41 21,827,584 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..reinkrecognition.ko_31bf3856ad364e35_6.0.6001.18000_none_03ed2a082c4a1514\mshwkorr.dll
+ 2006-11-02 12:35:47 114,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.0.6001.18000_none_118f15c677824d1e\TipBand.dll
+ 2006-11-02 12:35:47 1,149,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.0.6001.18000_none_118f15c677824d1e\TipRes.dll
+ 2006-11-02 12:35:48 47,104 ----a-w c:\windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6001.18000_none_17b18851a49835e5\NBMapTIP.dll
+ 2006-11-02 12:35:43 149,504 ----a-w c:\windows\winsxs\x86_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.0.6001.18000_none_d1b1affa515cd235\tabskb.dll
+ 2006-11-02 09:46:13 858,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-tapi3_31bf3856ad364e35_6.0.6001.18000_none_6148b1ca8f906dbb\tapi3.dll
+ 2006-11-02 09:46:13 9,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-tapisetup_31bf3856ad364e35_6.0.6001.18000_none_69f32ac39b2a05e1\TapiSysprep.dll
+ 2006-11-02 09:45:48 10,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-tapisetup_31bf3856ad364e35_6.0.6001.18000_none_69f32ac39b2a05e1\TapiUnattend.exe
+ 2006-11-02 09:44:50 19,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\ARP.EXE
+ 2006-11-02 09:45:07 10,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\finger.exe
+ 2006-11-02 09:45:13 8,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\HOSTNAME.EXE
+ 2006-11-02 09:45:25 11,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\MRINFO.EXE
+ 2006-11-02 09:45:30 27,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\NETSTAT.EXE
+ 2006-11-02 09:45:49 9,728 ----a-w c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\TCPSVCS.EXE
+ 2006-11-02 12:35:38 57,856 ----a-w c:\windows\winsxs\x86_microsoft-windows-telnet-server_31bf3856ad364e35_6.0.6001.18000_none_9307dcf14f15ce10\tlntadmn.exe


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:26 pm

+ 2006-11-02 09:46:13 40,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.0.6001.18000_none_777d16eedf412426\tpmcompc.dll
+ 2006-11-02 09:46:13 34,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.0.6001.18000_none_f501a18e1eaabcb9\uicom.dll
+ 2006-11-02 09:46:13 16,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-unimodem-core_31bf3856ad364e35_6.0.6001.18000_none_949832cbd48def6a\uniplat.dll
+ 2006-11-02 09:46:13 41,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.0.6001.18000_none_c1e834753483fdcf\udhisapi.dll
+ 2006-11-02 09:46:13 37,888 ----a-w c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6001.18000_none_7fc972ebd13849b5\ssdpapi.dll
+ 2006-11-02 09:46:02 65,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18000_none_9231f0ab88c213e9\avicap32.dll
+ 2006-11-02 09:46:05 82,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18000_none_9231f0ab88c213e9\mciavi32.dll
+ 2006-11-02 09:46:10 12,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18000_none_9231f0ab88c213e9\msrle32.dll
+ 2006-11-02 12:34:41 198,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\sti.dll
+ 2006-11-02 12:34:41 12,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiatrace.dll
+ 2006-11-02 09:45:51 516,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.0.6001.18000_none_42a95d80d7929e62\wab.exe
+ 2006-11-02 09:46:13 33,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.0.6001.18000_none_42a95d80d7929e62\wabfind.dll
+ 2006-11-02 09:45:51 66,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.0.6001.18000_none_42a95d80d7929e62\wabmig.exe
+ 2006-11-02 07:28:12 1,098,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.0.6001.18000_none_55236d7549c923f0\wab32res.dll
+ 2006-11-02 09:46:13 41,984 ----a-w c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.0.6001.18000_none_55236d7549c923f0\wabimp.dll
+ 2006-11-02 09:46:14 10,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wmsgapi.dll
+ 2006-11-02 09:46:13 15,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_6.0.6001.18000_none_5572f3220fb3454e\sysntfy.dll
+ 2006-11-02 09:46:14 9,728 ----a-w c:\windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_6.0.6001.18000_none_1636766731a74faf\winrssrv.dll
+ 2006-11-02 09:43:00 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.0.6001.18000_none_e36536a91186bed0\rnr20.dll
+ 2006-11-02 09:46:13 36,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-wmi-consumers_31bf3856ad364e35_6.0.6001.18000_none_4ad2276858e160c5\SMTPCons.dll
+ 2006-11-02 07:14:23 6,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\WinMgmtR.dll
+ 2006-11-02 07:15:27 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\WmiApRes.dll
+ 2006-11-02 09:46:05 35,840 ----a-w c:\windows\winsxs\x86_microsoft-windows-wmi-krnlprov-provider_31bf3856ad364e35_6.0.6001.18000_none_e3b0c3fff516edba\KrnlProv.dll
+ 2006-11-02 09:46:05 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-wmi-management-snapins_31bf3856ad364e35_6.0.6001.18000_none_9be5ddb8baf2bc00\MMFUtil.dll
+ 2006-11-02 09:46:14 43,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-wmi-time-provider_31bf3856ad364e35_6.0.6001.18000_none_ed321ab4287c62df\wmitimep.dll
+ 2006-11-02 09:46:14 39,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_6.0.6001.18000_none_c6cb05b6765124d9\wmipdfs.dll
+ 2006-11-02 09:46:14 43,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_6.0.6001.18000_none_c6cb05b6765124d9\WMIPSESS.dll
+ 2006-11-02 12:35:58 31,744 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-legacywmdmapi_31bf3856ad364e35_6.0.6001.18000_none_59aa91436faa8e2e\wmdmlog.dll
+ 2006-11-02 12:35:58 36,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-legacywmdmapi_31bf3856ad364e35_6.0.6001.18000_none_59aa91436faa8e2e\wmdmps.dll
+ 2009-01-10 07:10:01 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PortableDeviceClassExtension.dll
+ 2009-01-10 07:10:01 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PortableDeviceTypes.dll
+ 2006-11-02 09:46:12 32,768 ----a-w c:\windows\winsxs\x86_microsoft.windows.h...sdhost-driverclass_31bf3856ad364e35_6.0.6001.18000_none_c2f17878c82f85ef\sdhcinst.dll
+ 2006-11-02 09:46:02 39,936 ----a-w c:\windows\winsxs\x86_microsoft.windows.h..uetooth-driverclass_31bf3856ad364e35_6.0.6001.18000_none_84e4ea4562dcf212\bthserv.dll
+ 2006-11-02 12:41:20 1,327,104 ----a-w c:\windows\winsxs\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.0.6001.18000_en-us_40f01b7c96c997a3\AuthFWSnapIn.Resources.dll
+ 2006-11-02 09:46:48 274,432 ----a-w c:\windows\winsxs\x86_networking-mpssvc-admin_31bf3856ad364e35_6.0.6001.18000_none_a5522df381cef60a\AuthFWWizFwk.dll
+ 2006-11-02 09:45:10 263,680 ----a-w c:\windows\winsxs\x86_networking-mpssvc_31bf3856ad364e35_6.0.6001.18000_none_0a7986d9b92aa27a\FirewallSettings.exe
+ 2006-11-02 12:34:32 16,488 ----a-w c:\windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpAsDesc.dll
+ 2006-11-02 12:34:32 11,368 ----a-w c:\windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpLics.dll
+ 2006-11-02 12:34:32 653,928 ----a-w c:\windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll
+ 2006-11-02 06:29:53 18,271 ----a-w c:\windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_6.0.6001.18000_none_9784d4f858e3c74e\StructuredQuerySchemaTrivial.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-09 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1980A3A3-72DB-4E3F-9F05-2191AA5DB79A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0816D0DF-B54B-4F22-AD54-EF92FB51704A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{00D323C8-E223-4115-B226-39A64557D821}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{516FF797-A0CA-43D6-A288-6A38B1835483}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F67C3699-D469-4522-851C-F156159CCFE6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D2100068-A81F-4DFA-A023-89A8E6C91F13}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AE100143-A4AF-4F19-A255-1F87AACED5C4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BC772F8E-19BD-44C7-9AE8-77DBB2AEC02E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090113.002\IDSvix86.sys [2009-01-15 270384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-15 99376]
R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [2009-01-01 113896]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-08-01 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-08-01 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [2007-08-01 31104]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-01-09 38200]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-08-01 812544]
R4 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-01 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-01 79736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-01-19 11:05:45
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-19 11:07:46
ComboFix-quarantined-files.txt 2009-01-19 19:07:44
ComboFix2.txt 2009-01-14 05:57:50
ComboFix3.txt 2009-01-12 07:57:41
ComboFix4.txt 2009-01-06 05:25:56
ComboFix5.txt 2009-01-19 19:02:16

Pre-Run: 212,437,590,016 bytes free
Post-Run: 212,408,815,616 bytes free

813 --- E O F --- 2009-01-14 11:02:59


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Mon Jan 19, 2009 7:39 pm

Hopefully that has taken care of the last two items MBAM found; try Windows updates now.



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:43 pm

No =/ I still can't do updates... and Spybot is still finding it.
error code : 80244019


Solved this is spybot log

Post by AARG12 on Mon Jan 19, 2009 7:45 pm

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #1 (Undefined) (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer=208.67.220.220,208.67.222.222

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #2 (Undefined) (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer=208.67.220.220,208.67.222.222

User abort!: Scan was not completed successfully. ()



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---




--- System information ---
Windows Vista (Build: 6000) (6.0.6000)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB929729)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)


--- Startup entries list ---



--- Browser helper object list ---


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:46 pm

--- ActiveX list ---


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:46 pm

--- Process list ---


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 1/19/2009 11:43:50



--- Winsock Layered Service Provider list ---


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:51 pm

Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 6.0.6000

1/19/2009 11:51:09
mbam-log-2009-01-19 (11-51-09).txt

Scan type: Quick Scan
Objects scanned: 49297
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on Mon Jan 19, 2009 7:53 pm

Right now, since I ran both of those, it's clean and I can do updates, I have learned, but once the comp is restarted, the trojans are still there, and I have to rerun both the programs to delete them once again.


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Mon Jan 19, 2009 7:55 pm

Hold on, I'm gonna go back to my colleagues. That IP isn't part of the wareout, it's OpenDNS. I don't know why Spybot detects it, but it's not malicious.

I honestly think it's something in your network that blocks it.



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on Mon Jan 19, 2009 8:05 pm

Back again, just been reading a Vista forum on this infection.

The infection isn't on your machine, it's on your router.
Instead of hijacking the machine's DNS, they hijack the router, so the machine is clean, but the router is infected.
THAT is why it returns.

You may need to call up your internet provider and talk with them to reset your router to defaults and set the settings back to them.


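The reasoning in the reply above (the resolver setting is handed out by the router, so it comes back after every restart) can be checked against the logs themselves. The following Python triage is an added example, not code from the thread: it reads the `DhcpNameServer` lines quoted from the Spybot and MBAM logs and separates lease-supplied values from statically set ones. The expected-resolver list (OpenDNS, as identified in the reply above) and the final `NameServer` sample line are assumptions made for the demonstration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Registry values under Tcpip\Parameters that hold resolver addresses.
# DhcpNameServer is written by the Windows DHCP client from the lease it is
# handed; NameServer is the statically configured list.
VALUE_RE = re.compile(
    r"\\Services\\Tcpip\\Parameters\\"
    r"(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})\\)?"
    r"(?P<name>DhcpNameServer|NameServer)\b(?P<data>.*)$",
    re.IGNORECASE,
)
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


@dataclass
class Finding:
    interface: str    # interface GUID, or "global" for the Tcpip\Parameters value
    origin: str       # "dhcp" (from the lease) or "static" (set on the host)
    resolvers: list   # every valid IPv4 address found in the value
    unexpected: list  # resolvers that are not in the expected set
    verdict: str      # "expected", "check-dhcp-server" or "check-host"


def parse_resolvers(text):
    """Return the valid IPv4 addresses in text, in order of appearance."""
    found = []
    for token in IPV4_RE.findall(text):
        try:
            found.append(str(ipaddress.IPv4Address(token)))
        except ValueError:
            continue  # looks like an address but is not one (e.g. 999.1.1.1)
    return found


def triage(log_text, expected):
    """Classify every resolver value in a scanner log.

    The verdict is a triage hint, not proof: a lease-supplied value with an
    unexpected resolver points at whatever answers DHCP on the network
    (normally the router), because the client rewrites it on the next lease.
    """
    expected = {str(ipaddress.IPv4Address(a)) for a in expected}
    findings = []
    for line in log_text.splitlines():
        match = VALUE_RE.search(line)
        if not match:
            continue
        resolvers = parse_resolvers(match.group("data"))
        if not resolvers:
            continue
        is_dhcp = match.group("name").lower() == "dhcpnameserver"
        origin = "dhcp" if is_dhcp else "static"
        unexpected = [r for r in resolvers if r not in expected]
        if not unexpected:
            verdict = "expected"
        elif is_dhcp:
            verdict = "check-dhcp-server"
        else:
            verdict = "check-host"
        findings.append(Finding(match.group("iface") or "global", origin,
                                resolvers, unexpected, verdict))
    return findings


# Assumption: the network is meant to use the OpenDNS resolvers named above.
EXPECTED_RESOLVERS = ["208.67.220.220", "208.67.222.222"]

# First four lines are quoted from the Spybot and MBAM logs in this thread;
# the last line is constructed (documentation address) to show a static value.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer=208.67.220.220,208.67.222.222
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer=208.67.220.220,208.67.222.222
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer=192.0.2.53
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(f"{f.verdict:18} {f.origin:6} {f.interface:40} {', '.join(f.resolvers)}")
```

A `check-dhcp-server` verdict matches the behaviour reported in the thread: deleting the value on the host does not hold, because the next lease writes it back.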

Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Doctor Inferno on Sat May 02, 2009 6:34 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


