I NEED HELP WITH Troj/Rustok-N I can't get rid of it!!!


Solved Re: I NEED HELP WITH Troj/Rustok-N I can't get rid of it!!!

Post by AARG12 on 19th January 2009, 7:21 pm


Solved Re: I NEED HELP WITH Troj/Rustok-N I can't get rid of it!!!

Post by AARG12 on 19th January 2009, 7:23 pm


Solved Re: I NEED HELP WITH Troj/Rustok-N I can't get rid of it!!!

Post by AARG12 on 19th January 2009, 7:24 pm

+ 2009-01-10 06:45:37 1,523,712 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0000.dll
+ 2009-01-10 06:45:36 2,599,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0001.dll
+ 2009-01-10 06:45:36 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0002.dll
+ 2009-01-10 06:45:35 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0003.dll
+ 2009-01-10 06:45:35 2,243,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0007.dll
+ 2009-01-10 06:45:34 4,875,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0009.dll
+ 2009-01-10 06:45:31 9,847,296 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData000a.dll
+ 2009-01-10 06:45:30 2,643,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData000c.dll
+ 2009-01-10 06:45:30 2,342,912 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData000d.dll
+ 2009-01-10 06:45:30 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData000f.dll
+ 2009-01-10 06:45:38 4,495,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0010.dll
+ 2009-01-10 06:45:38 2,657,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0011.dll
+ 2009-01-10 06:45:37 3,466,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0013.dll
+ 2009-01-10 06:45:37 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0018.dll
+ 2009-01-10 06:45:36 4,497,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0019.dll
+ 2009-01-10 06:45:32 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData001a.dll
+ 2009-01-10 06:45:32 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData001b.dll
+ 2009-01-10 06:45:31 4,495,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData001d.dll
+ 2009-01-10 06:45:39 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0020.dll
+ 2009-01-10 06:45:39 1,801,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0021.dll
+ 2009-01-10 06:45:39 1,801,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0022.dll
+ 2009-01-10 06:45:39 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0024.dll
+ 2009-01-10 06:45:38 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0026.dll
+ 2009-01-10 06:45:38 1,966,592 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0027.dll
+ 2009-01-10 06:45:32 1,801,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData002a.dll
+ 2009-01-10 06:45:40 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0039.dll
+ 2009-01-10 06:45:33 1,801,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData003e.dll
+ 2009-01-10 06:45:41 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0045.dll
+ 2009-01-10 06:45:41 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0046.dll
+ 2009-01-10 06:45:40 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0047.dll
+ 2009-01-10 06:45:40 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0049.dll
+ 2009-01-10 06:45:34 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData004a.dll
+ 2009-01-10 06:45:33 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData004b.dll
+ 2009-01-10 06:45:33 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData004c.dll
+ 2009-01-10 06:45:33 3,104,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData004e.dll
+ 2009-01-10 06:45:30 4,495,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0414.dll
+ 2009-01-10 06:45:29 4,495,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0416.dll
+ 2009-01-10 06:45:28 4,495,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0816.dll
+ 2009-01-10 06:45:28 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData081a.dll
+ 2009-01-10 06:45:27 1,965,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsData0c1a.dll
+ 2006-11-02 08:21:55 11,722,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0001.dll
+ 2006-11-02 08:22:34 4,164,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0002.dll
+ 2006-11-02 08:22:13 1,452,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0003.dll
+ 2006-11-02 08:22:07 12,038,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0007.dll
+ 2006-11-02 08:22:05 2,628,608 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0009.dll
+ 2006-11-02 08:22:11 9,892,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons000a.dll
+ 2006-11-02 08:22:06 6,237,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons000c.dll
+ 2006-11-02 08:22:09 1,722,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons000d.dll
+ 2006-11-02 08:22:17 5,654,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons000f.dll
+ 2006-11-02 08:22:18 4,175,872 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0010.dll
+ 2006-11-02 08:22:10 2,466,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0011.dll
+ 2006-11-02 08:21:58 4,981,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0013.dll
+ 2006-11-02 08:22:25 3,331,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0018.dll
+ 2006-11-02 08:22:26 6,781,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0019.dll
+ 2006-11-02 08:22:14 6,014,976 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons001a.dll
+ 2006-11-02 08:22:47 6,585,856 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons001b.dll
+ 2006-11-02 08:22:31 6,346,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons001d.dll
+ 2006-11-02 08:22:45 1,236,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0020.dll
+ 2006-11-02 08:22:12 2,136,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0021.dll
+ 2006-11-02 08:22:44 5,499,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0022.dll
+ 2006-11-02 08:22:49 7,964,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0024.dll
+ 2006-11-02 08:22:42 5,791,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0026.dll
+ 2006-11-02 08:22:19 6,224,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0027.dll
+ 2006-11-02 08:22:41 4,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons002a.dll
+ 2006-11-02 08:22:16 1,782,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0039.dll
+ 2006-11-02 08:22:20 4,045,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons003e.dll
+ 2006-11-02 08:22:33 1,793,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0045.dll
+ 2006-11-02 08:22:25 1,808,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0046.dll
+ 2006-11-02 08:22:15 1,411,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0047.dll
+ 2006-11-02 08:22:39 1,558,016 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0049.dll
+ 2006-11-02 08:22:39 3,419,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004a.dll
+ 2006-11-02 08:22:36 1,702,912 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004b.dll
+ 2006-11-02 08:22:46 4,093,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004c.dll
+ 2006-11-02 08:22:37 1,972,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons004e.dll
+ 2006-11-02 08:22:21 4,616,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0414.dll
+ 2006-11-02 08:22:24 5,090,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0416.dll
+ 2006-11-02 08:22:22 5,031,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0816.dll

Post by AARG12 on 19th January 2009, 7:24 pm

+ 2006-11-02 08:22:29 7,042,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons081a.dll
+ 2006-11-02 08:22:27 6,917,120 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsLexicons0c1a.dll
+ 2006-11-02 08:21:54 5,071,872 ----a-w c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18000_none_9ddad43a2abbd52d\NlsModels0011.dll
+ 2006-11-02 09:41:16 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6001.18000_none_5232518072770fdb\neth.dll
+ 2006-11-02 09:46:14 11,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b82a6b1f4ec0\wshnetbs.dll
+ 2006-09-19 11:41:49 2,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_24.bin
+ 2006-09-19 11:41:49 4,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_32.bin
+ 2006-09-19 11:41:49 9,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_48.bin
+ 2006-09-19 11:41:49 2,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_24.bin
+ 2006-09-19 11:41:49 4,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_32.bin
+ 2006-09-19 11:41:49 9,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_48.bin
+ 2006-09-19 11:41:49 2,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_24.bin
+ 2006-09-19 11:41:49 4,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_32.bin
+ 2006-09-19 11:41:49 9,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_48.bin
+ 2006-11-02 09:46:02 24,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\brdgcfg.dll
+ 2006-11-02 07:38:48 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\bridgeres.dll
+ 2006-11-02 09:46:11 11,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_none_789b515a7625c7d5\nlmsprep.dll
+ 2006-11-02 09:46:12 16,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6001.18000_none_789b515a7625c7d5\npmproxy.dll
+ 2006-11-02 12:36:04 51,712 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkprojection_31bf3856ad364e35_6.0.6001.18000_none_e3c78331f0bd2d51\CRPPresentation.dll
+ 2006-11-02 12:36:04 89,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-networkprojection_31bf3856ad364e35_6.0.6001.18000_none_e3c78331f0bd2d51\NetProj.exe
+ 2006-11-02 07:38:59 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6001.18000_none_d155f734fa7d6b4f\lltdres.dll
+ 2006-11-02 09:45:30 74,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6001.18000_none_11764b5450a917b3\newdev.exe
+ 2006-11-02 07:09:42 9,029 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ANSI.SYS
+ 2006-11-02 07:09:49 12,498 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\append.exe
+ 2006-11-02 07:10:16 10,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMM.drv
+ 2006-11-02 07:09:49 50,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMMAND.COM
+ 2006-11-02 07:10:28 32,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\COMMDLG.DLL
+ 2006-11-02 07:09:45 27,097 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\country.sys
+ 2006-09-18 21:43:37 27,200 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ctl3dv2.dll
+ 2006-11-02 07:10:32 39,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\DDEML.DLL
+ 2006-11-02 07:09:52 20,634 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\debug.exe
+ 2006-11-02 07:10:37 53,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\dosx.exe
+ 2006-11-02 07:10:29 28,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\DRWATSON.EXE
+ 2006-09-18 21:43:40 69,886 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\edit.com
+ 2006-11-02 07:09:50 12,642 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\edlin.exe
+ 2006-11-02 07:09:51 8,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\exe2bin.exe
+ 2006-11-02 07:10:13 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\GDI.EXE
+ 2006-11-02 07:09:59 19,694 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\GRAPHICS.COM
+ 2006-11-02 07:09:41 4,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\HIMEM.SYS
+ 2006-11-02 07:09:57 14,710 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KB16.COM
+ 2006-11-02 07:09:44 42,809 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KEY01.SYS
+ 2006-11-02 07:10:15 2,000 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\keyboard.drv
+ 2006-11-02 07:09:44 42,537 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\KEYBOARD.SYS
+ 2006-11-02 07:10:07 92,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\krnl386.exe
+ 2006-09-18 21:43:37 221,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\lanman.drv
+ 2006-09-18 21:43:37 9,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\lzexpand.dll
+ 2006-11-02 07:09:55 39,274 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\mem.exe
+ 2006-11-02 07:10:21 68,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\MMSYSTEM.DLL
+ 2006-11-02 07:10:18 2,032 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\mouse.drv
+ 2006-09-18 21:43:37 108,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\netapi.dll
+ 2006-11-02 07:09:56 7,052 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\nlsfunc.exe
+ 2006-11-02 07:09:29 27,866 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS.SYS
+ 2006-11-02 07:09:35 29,146 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS404.SYS
+ 2006-11-02 07:09:38 29,370 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS411.SYS
+ 2006-11-02 07:09:40 29,274 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS412.SYS
+ 2006-11-02 07:09:31 29,146 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTDOS804.SYS
+ 2006-11-02 07:09:20 33,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO.SYS
+ 2006-11-02 07:09:23 34,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO404.SYS
+ 2006-11-02 07:09:24 35,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO411.SYS
+ 2006-11-02 07:09:26 35,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO412.SYS
+ 2006-11-02 07:09:22 34,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\NTIO804.SYS
+ 2006-11-02 09:46:12 14,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ntvdmd.dll
+ 2006-09-18 21:43:37 82,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\olecli.dll
+ 2006-11-02 07:10:34 24,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\OLESVR.DLL
+ 2006-09-18 21:43:37 46,592 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\pmspl.dll
+ 2006-11-02 07:10:00 2,842 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\redir.exe
+ 2006-11-02 07:09:53 11,753 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\setver.exe
+ 2006-11-02 07:10:14 5,120 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\SHELL.DLL
+ 2006-11-02 07:10:16 1,744 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\sound.drv
+ 2006-09-18 21:43:37 18,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\sysedit.exe
+ 2006-11-02 07:10:14 3,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\system.drv
+ 2006-11-02 07:10:26 4,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\TIMER.DRV
+ 2006-11-02 07:10:25 13,888 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\TOOLHELP.DLL

Post by AARG12 on 19th January 2009, 7:25 pm

+ 2006-11-02 07:10:12 47,840 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\USER.EXE
+ 2006-09-18 21:43:37 9,008 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ver.dll
+ 2006-11-02 07:10:17 2,176 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\vga.drv
+ 2006-11-02 07:10:30 12,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WFWNET.DRV
+ 2006-11-02 07:10:35 9,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WIFEMAN.DLL
+ 2006-11-02 08:35:53 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\win.com
+ 2006-09-18 21:43:37 13,312 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\win87em.dll
+ 2006-09-18 21:43:37 256,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\winhelp.exe
+ 2006-11-02 07:10:35 5,120 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINNLS.DLL
+ 2006-11-02 07:10:22 2,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSPOOL.EXE
+ 2006-11-02 07:10:27 2,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WOWDEB.EXE
+ 2006-11-02 07:10:24 8,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WOWEXEC.EXE
+ 2008-12-08 23:22:10 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16787_none_f052600a6e8e5046\OESpamFilter.dat
+ 2008-12-08 23:23:32 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20972_none_f0e1cd3587a85293\OESpamFilter.dat
+ 2008-12-09 23:54:42 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18182_none_f2339d3e6bb96284\OESpamFilter.dat
+ 2008-12-09 23:55:37 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22327_none_f3031ce984a1d682\OESpamFilter.dat
+ 2006-11-02 09:45:33 60,416 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.0.6001.18000_none_d6543f9ff5ec4aec\printui.exe
+ 2006-11-02 09:45:02 17,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\diskperf.exe
+ 2006-11-02 09:45:35 37,376 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\relog.exe
+ 2006-11-02 09:45:49 39,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\typeperf.exe
+ 2009-01-10 06:39:40 37,888 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18000_none_39733ab970ea03f2\printcom.dll
+ 2006-11-02 09:46:12 39,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfctrs.dll
+ 2006-11-02 09:46:12 31,744 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfdisk.dll
+ 2006-11-02 09:46:12 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfos.dll
+ 2006-11-02 09:46:12 35,840 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfproc.dll
+ 2006-11-02 09:45:31 61,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6001.18000_none_f0037a3c7d6c36a4\ntprint.exe
+ 2006-11-02 09:45:32 7,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\plasrv.exe
+ 2006-11-02 12:36:18 20,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\lprmon.dll
+ 2006-11-02 12:36:18 11,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_6.0.6001.18000_none_b403a1813dce9905\lprmonui.dll
+ 2006-11-02 12:35:39 1,486,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..topeeradhocmeetings_31bf3856ad364e35_6.0.6001.18000_none_aa47d5c4002219b8\WinCollabRes.dll
+ 2009-01-10 06:43:31 30,674 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfc.dat
+ 2009-01-10 06:43:31 30,674 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfd.dat
+ 2009-01-10 06:43:31 287,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfh.dat
+ 2009-01-10 06:43:31 287,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\perfi.dat
+ 2006-11-02 09:42:44 17,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\prflbmsg.dll
+ 2006-11-02 12:35:38 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpperf.dll
+ 2006-11-02 09:45:32 13,312 ----a-w c:\windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\PATHPING.EXE
+ 2006-11-02 09:45:49 12,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\TRACERT.EXE
+ 2006-11-02 09:46:12 15,360 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\pacerprf.dll
+ 2006-11-02 09:46:13 33,280 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\traffic.dll
+ 2006-11-02 09:46:14 13,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\wshqos.dll
+ 2006-11-02 12:36:25 7,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\mll_hp.dll
+ 2006-11-02 12:36:25 17,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmsevt.dll
+ 2006-11-02 12:36:25 43,008 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsm.exe
+ 2006-11-02 12:36:25 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmmllsv.exe
+ 2006-11-02 12:36:25 22,016 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmsink.exe
+ 2006-11-02 12:36:25 54,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\rsmui.exe
+ 2006-11-02 09:46:12 10,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasadhlp.dll
+ 2006-11-02 09:45:34 16,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasautou.exe
+ 2006-11-02 09:46:12 32,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\rasmxs.dll
+ 2006-11-02 09:46:12 22,016 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.0.6001.18000_none_0de067e17a6f4519\rasser.dll
+ 2006-11-02 09:45:34 16,896 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasclienttools_31bf3856ad364e35_6.0.6001.18000_none_6f46cfc8a8b142a0\rasdial.exe
+ 2006-11-02 09:46:12 36,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18000_none_0d159410ea7a8f9d\rtutils.dll

Post by AARG12 on 19th January 2009, 7:25 pm

+ 2006-11-02 09:46:02 13,824 ----a-w c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\clb.dll
+ 2006-11-02 09:45:35 9,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedt32.exe
+ 2006-11-02 12:35:24 40,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.0.6001.18000_none_3758172c01e5ce47\racpldlg.dll
+ 2006-11-02 09:45:37 14,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-restartmanager_31bf3856ad364e35_6.0.6001.18000_none_803567cb241e9c20\RmClient.exe
+ 2009-01-10 06:39:32 14,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18000_none_547dcc3187eaff70\wshrm.dll
+ 2006-11-02 09:46:03 10,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_6.0.6001.18000_none_17d3c60709ecb009\dfrgifps.dll
+ 2006-11-02 12:35:38 12,555,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..inboxgames-shanghai_31bf3856ad364e35_6.0.6001.18000_none_c0a3fbb5ef29fe27\Mahjong.dll
+ 2006-11-02 12:35:37 29,001,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..iuminboxgames-chess_31bf3856ad364e35_6.0.6001.18000_none_74d4a1cd7e673a2e\Chess.dll
+ 2006-11-02 12:35:35 4,305,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..oxgames-minesweeper_31bf3856ad364e35_6.0.6001.18000_none_a2611d5c392f48a1\MineSweeper.dll
+ 2006-11-02 12:35:36 28,665,856 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.0.6001.18000_none_062b7e7afe71e492\PurblePlace.dll
+ 2006-11-02 12:35:35 8,384,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.0.6001.18000_none_062b7e7afe71e492\PurblePlace2.dll
+ 2006-11-02 09:46:12 42,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4\pstorec.dll
+ 2006-11-02 09:46:12 23,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.0.6001.18000_none_4849149a305ec4a4\pstorsvc.dll
+ 2006-11-02 09:46:14 8,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-session0viewer_31bf3856ad364e35_6.0.6001.18000_none_e1e6e80246adfe72\WlS0WndH.dll
+ 2006-11-02 09:43:11 2,928,640 ----a-w c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6001.18000_none_322c7e4ead424897\W32UIImg.dll
+ 2006-11-02 09:46:13 4,608 ----a-w c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll
+ 2006-11-02 12:35:15 66,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_cedcabbd26a81ad6\sbdrop.dll
+ 2006-11-02 09:46:12 66,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-smartcardsubsystem_31bf3856ad364e35_6.0.6001.18000_none_17fd3fa469f2e862\SCardDlg.dll
+ 2008-12-16 03:14:37 290,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16789_none_d7c3afd4f985c7a2\srv.sys
+ 2008-12-16 03:07:02 290,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20976_none_d8551d94129dfc9d\srv.sys
+ 2008-12-16 02:42:39 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18185_none_d9a5ed52f6aff337\srv.sys
+ 2008-12-16 01:53:56 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22331_none_da619a780fa89f17\srv.sys
+ 2006-11-02 09:46:13 9,728 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver_31bf3856ad364e35_6.0.6001.18000_none_f8f4e8f8eadb7d91\sscore.dll
+ 2006-11-02 09:45:46 12,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-snmp-trap-service_31bf3856ad364e35_6.0.6001.18000_none_cf8afedd3f67da88\snmptrap.exe
+ 2006-11-02 12:34:32 16,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.0.6001.18000_none_1c09f00b4bcc9fbc\SpeechUXPS.DLL
+ 2006-11-02 09:46:13 151,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-sqlliteoledb_31bf3856ad364e35_6.0.6001.18000_none_be7f06c980d3ea88\sqlceoledb30.dll
+ 2006-11-02 09:39:30 3,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_6.0.6001.18000_none_ea70eae59b4e2b12\icmp.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penchs.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pencht.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penjpn.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penkor.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penusa.dll
+ 2006-11-02 09:45:32 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pipanel.exe
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pipres.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\skchobj.dll
+ 2006-11-02 07:39:56 1,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\skchui.dll
+ 2006-11-02 12:35:47 19,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6001.18000_none_4264ef6a4d057d2c\jnwmon.dll
+ 2006-11-02 12:35:47 22,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6001.18000_none_4264ef6a4d057d2c\jnwppr.dll
+ 2006-11-02 12:35:47 47,104 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6001.18000_none_4264ef6a4d057d2c\PDIALOG.exe
+ 2006-11-02 12:35:44 1,495,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-chs_31bf3856ad364e35_6.0.6001.18000_none_fd484d54658ae209\chslm.lex.bin
+ 2006-11-02 12:35:44 10,335,843 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-chs_31bf3856ad364e35_6.0.6001.18000_none_fd484d54658ae209\chslm.wdic2.bin
+ 2006-11-02 12:35:44 21,963,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-chs_31bf3856ad364e35_6.0.6001.18000_none_fd484d54658ae209\mshwchsr.dll
+ 2006-11-02 12:35:46 2,187,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-cht_31bf3856ad364e35_6.0.6001.18000_none_fd48368c658afbaa\chtlm.lex.bin
+ 2006-11-02 12:35:45 11,300,913 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-cht_31bf3856ad364e35_6.0.6001.18000_none_fd48368c658afbaa\chtlm.wdic2.bin
+ 2006-11-02 12:35:45 19,991,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..krecognition.zh-cht_31bf3856ad364e35_6.0.6001.18000_none_fd48368c658afbaa\mshwchtr.dll
+ 2006-11-02 12:35:47 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6001.18000_none_3fac12f5c6543548\IPSEventLogMsg.dll
+ 2006-11-02 12:35:47 19,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6001.18000_none_3fac12f5c6543548\TabIpsps.dll
+ 2006-11-02 12:35:48 19,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6001.18000_none_4d983a117ea4cea6\jnwmon.dll
+ 2006-11-02 12:35:48 22,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..ournalnotewriterqfe_31bf3856ad364e35_6.0.6001.18000_none_4d983a117ea4cea6\jnwppr.dll
+ 2006-11-02 12:35:24 68,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..platform-input-core_31bf3856ad364e35_6.0.6001.18000_none_d1104c78dccde5fe\TabSvc.dll
+ 2006-11-02 12:35:24 2,073,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-t..platform-input-core_31bf3856ad364e35_6.0.6001.18000_none_d1104c78dccde5fe\TouchX.dll

Post by AARG12 on 19th January 2009, 7:26 pm



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 19th January 2009, 7:26 pm

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-09 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1980A3A3-72DB-4E3F-9F05-2191AA5DB79A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0816D0DF-B54B-4F22-AD54-EF92FB51704A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{00D323C8-E223-4115-B226-39A64557D821}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{516FF797-A0CA-43D6-A288-6A38B1835483}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F67C3699-D469-4522-851C-F156159CCFE6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D2100068-A81F-4DFA-A023-89A8E6C91F13}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AE100143-A4AF-4F19-A255-1F87AACED5C4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BC772F8E-19BD-44C7-9AE8-77DBB2AEC02E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090113.002\IDSvix86.sys [2009-01-15 270384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-15 99376]
R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [2009-01-01 113896]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-08-01 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-08-01 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [2007-08-01 31104]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-01-09 38200]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-08-01 812544]
R4 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-01 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-01 79736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\rafdrutm.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-01-19 11:05:45
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-19 11:07:46
ComboFix-quarantined-files.txt 2009-01-19 19:07:44
ComboFix2.txt 2009-01-14 05:57:50
ComboFix3.txt 2009-01-12 07:57:41
ComboFix4.txt 2009-01-06 05:25:56
ComboFix5.txt 2009-01-19 19:02:16

Pre-Run: 212,437,590,016 bytes free
Post-Run: 212,408,815,616 bytes free

813 --- E O F --- 2009-01-14 11:02:59


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by Belahzur on 19th January 2009, 7:39 pm

Hopefully that has taken care of the last two items MBAM found. Try Windows updates now.


Please PM me if I fail to respond within 24hrs.



Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 19th January 2009, 7:43 pm

No =/ I still can't do updates... and Spybot is still finding it.
Error code: 80244019


Solved this is spybot log

Post by AARG12 on 19th January 2009, 7:45 pm

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #1 (Undefined) (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer=208.67.220.220,208.67.222.222

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #2 (Undefined) (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer=208.67.220.220,208.67.222.222

User abort!: Scan was not completed successfully. ()



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2009-01-01 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-11-04 Includes\Adware.sbi (*)
2008-12-29 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2009-01-06 Includes\Dialer.sbi (*)
2009-01-06 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2009-01-05 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2008-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2009-01-06 Includes\MalwareC.sbi (*)
2008-12-15 Includes\PUPS.sbi (*)
2009-01-06 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-12-10 Includes\Spyware.sbi (*)
2009-01-06 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2009-01-05 Includes\Trojans.sbi (*)
2009-01-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6000) (6.0.6000)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB929729)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 40048
MD5: 66D4456C920E21BD2188F8CC33680DF5

Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint\Apoint.exe
file: C:\Program Files\Apoint\Apoint.exe
size: 118784
MD5: 6FC8ECA367679C2AEBBA09A416B4C18D

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25BE770865658CB79100117112819A7C

Located: HK_LM:Run, HotKeysCmds
command: C:\Windows\system32\hkcmd.exe
file: C:\Windows\system32\hkcmd.exe
size: 154136
MD5: 161E3038BFE9AD04B9F35F7E83AFD20E

Located: HK_LM:Run, IgfxTray
command: C:\Windows\system32\igfxtray.exe
file: C:\Windows\system32\igfxtray.exe
size: 137752
MD5: 0ADD73DDAAD83314B0F32453B83F7F9C

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90

Located: HK_LM:Run, Persistence
command: C:\Windows\system32\igfxpers.exe
file: C:\Windows\system32\igfxpers.exe
size: 133656
MD5: 39AFBBC65BF0469946EBA8C0C2884B76

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345

Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 583048
MD5: 2D1389E05A807D956829F44BD4B60389

Located: HK_LM:Run, VAIO Center Access Bar
command: "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
file: c:\program files\sony\VAIO Center Access Bar\VCAB.exe
size: 53248
MD5: 15168B31FDCD5D90EFE641CBD243608A

Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-712910195-2065108488-2920947175-1002...
command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 5724184
MD5: A8972A2F9A744DD5EE0BFE429D767F1C

Located: HK_CU:Run, Sidebar
where: S-1-5-21-712910195-2065108488-2920947175-1002...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1232896
MD5: 582F3A0BA61D8F0D50C66B592808B6D6

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-712910195-2065108488-2920947175-1002...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, VESWinlogon
command: VESWinlogon.dll
file: VESWinlogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx
AcroIEhelper.dll
info link: [You must be registered and logged in to see this link.]
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 22:08:42
Date (last access): 8/1/2007 18:44:58
Date (last write): 10/22/2006 22:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\
Long name: NppBHO.dll
Short name:
Date (created): 2/18/2007 20:22:56
Date (last access): 12/14/2008 21:08:24
Date (last write): 2/18/2007 20:22:56
Filesize: 97960
Attributes: readonly archive
MD5: FE48BB4C64B6D42EB637732D9D2962E4
CRC32: 9D5C5BBE
Version: 2007.1.7.4

{2B9F5787-88A5-4945-90E7-C4B18563BC5E} (QFX Software KeyScrambler)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: QFX Software KeyScrambler
CLSID name: CKeyScramblerBHO Object
Path: C:\Program Files\KeyScrambler\
Long name: KeyScramblerIE.dll
Short name: KEYSCR~1.DLL
Date (created): 1/1/2009 21:16:02
Date (last access): 1/1/2009 21:16:02
Date (last write): 6/1/2008 23:24:58
Filesize: 808936
Attributes: archive
MD5: 0D29B9DA7774E34DB6E84C159A16FFF8
CRC32: 2486FAA4
Version: 2.1.0.1

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: [You must be registered and logged in to see this link.]
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 1/5/2009 20:37:56
Date (last access): 1/5/2009 20:37:56
Date (last write): 9/15/2008 14:25:44
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 12/15/2008 22:03:32
Date (last access): 12/15/2008 22:03:32
Date (last write): 12/15/2008 22:03:32
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 12/15/2008 22:03:30
Date (last access): 12/15/2008 22:03:30
Date (last write): 12/15/2008 22:03:30
Filesize: 34816
Attributes: archive
MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
CRC32: D7C13FB2
Version: 6.0.110.3


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 19th January 2009, 7:46 pm

--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: [You must be registered and logged in to see this link.]
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/15/2008 22:03:30
Date (last access): 12/15/2008 22:03:30
Date (last write): 12/15/2008 22:03:30
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ()
DPF name:
CLSID name:
Installer:
Codebase:

{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0
Installer:
Codebase: [You must be registered and logged in to see this link.]
description:
classification: Legitimate
known filename: npjpi160.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/15/2008 22:03:30
Date (last access): 12/15/2008 22:03:30
Date (last write): 12/15/2008 22:03:30
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: [You must be registered and logged in to see this link.]
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/15/2008 22:03:30
Date (last access): 12/15/2008 22:03:30
Date (last write): 12/15/2008 22:03:30
Filesize: 94208
Attributes: archive
MD5: 3DA696FCE470365F830726A5DB33733F
CRC32: F0FC81C2
Version: 6.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: [You must be registered and logged in to see this link.]
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2008 22:03:32
Date (last access): 12/15/2008 22:03:32
Date (last write): 12/15/2008 22:03:32
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3

{D0C0F75C-683A-4390-A791-1ACFD5599AB8} ()
DPF name:
CLSID name:
Installer:
Codebase:


Solved Re: I NEED HELP WITH Troj/Rustok-N i cant get rid of it!!!

Post by AARG12 on 19th January 2009, 7:46 pm

--- Process list ---
PID: 1848 (1040) C:\Windows\system32\Dwm.exe
size: 83456
MD5: E87B968F3D49117445893EB0503FE34F
PID: 1876 (1828) C:\Windows\Explorer.EXE
size: 2923520
MD5: 37440D09DEAE0B672A04DCCF7ABF06BE
PID: 300 (1052) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 480 (1052) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 600 (1876) C:\Windows\System32\hkcmd.exe
size: 154136
MD5: 161E3038BFE9AD04B9F35F7E83AFD20E


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 1/19/2009 11:43:50

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
[You must be registered and logged in to see this link.]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
[You must be registered and logged in to see this link.]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
[You must be registered and logged in to see this link.]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
[You must be registered and logged in to see this link.]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
[You must be registered and logged in to see this link.]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
[You must be registered and logged in to see this link.]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchAssistant
[You must be registered and logged in to see this link.]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
[You must be registered and logged in to see this link.]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
[You must be registered and logged in to see this link.]


--- Winsock Layered Service Provider list ---


Post by AARG12 on 19th January 2009, 7:51 pm

Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 6.0.6000

1/19/2009 11:51:09
mbam-log-2009-01-19 (11-51-09).txt

Scan type: Quick Scan
Objects scanned: 49297
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Post by AARG12 on 19th January 2009, 7:53 pm

Right now, since I ran both of those, it's clean and I can do updates, I have learned, but once the comp is restarted, the trojans are still there, and I have to rerun both the programs to delete them once again.


Post by Belahzur on 19th January 2009, 7:55 pm

Hold on, I'm gonna go back to my colleagues. That IP isn't part of the wareout, it's OpenDNS. I don't know why Spybot detects it, but it's not malicious.

I honestly think it's something in your network that blocks it.



Post by Belahzur on 19th January 2009, 8:05 pm

Back again, just been reading a Vista forum on this infection.

The infection isn't on your machine, it's on your router.
Instead of hijacking the machine's DNS, they hijack the router, so the machine is clean, but the router is infected.
THAT is why it returns.

You may need to call up your internet provider and talk with them to reset your router to defaults and set the settings back to them.


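An added example (not part of the original thread, and not Malwarebytes' own code): a parser for the "Registry Data Items Infected" lines of the log posted above that separates resolvers delivered by the DHCP lease (`DhcpNameServer`) from resolvers set on the host itself (`NameServer`), the distinction behind the router diagnosis. The first two sample lines are the ones from that log; the third is constructed, and the function names are assumptions.

```python
import re

# Lines 1-2: copied from the Malwarebytes log posted in this thread.
# Line 3: constructed for contrast (static NameServer, documentation-range IP).
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f3190096-33e1-494f-8233-2fe9ece13e18}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.178 85.255.112.102 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 192.0.2.53 -> Quarantined and deleted successfully.
"""

# Registry value name -> who wrote the resolver addresses into it.
ORIGIN = {
    "dhcpnameserver": "dhcp-lease",  # filled in by the DHCP client from the lease
    "nameserver": "static-host",     # configured on the machine itself
}
LINE_RE = re.compile(
    r"^(?P<key>HKEY_[^\s(]+?)\\(?P<value>[^\\\s(]+)\s+\((?P<detection>[^)]+)\)"
    r"\s+->\s+Data:\s+(?P<data>.+?)\s+->\s+(?P<action>.+)$"
)
IFACE_RE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]+\})$")

def parse_findings(log_text):
    """Return one dict per registry-data finding in a Malwarebytes log."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, "(No malicious items detected)"
        iface = IFACE_RE.search(m["key"])
        findings.append({
            "value": m["value"],
            "detection": m["detection"],
            "servers": m["data"].split(),
            "interface": iface.group(1) if iface else None,
            "origin": ORIGIN.get(m["value"].lower(), "unknown"),
            "action": m["action"],
        })
    return findings

def needs_router_check(findings):
    """True if any flagged resolver arrived via DHCP, so the next lease re-adds it."""
    return any(f["origin"] == "dhcp-lease" for f in findings)

if __name__ == "__main__":
    results = parse_findings(SAMPLE_LOG)
    for f in results:
        print(f["origin"], f["interface"] or "(global)", f["servers"])
    print("check router/DHCP server settings:", needs_router_check(results))
```

A `dhcp-lease` finding that comes back after every reboot means the addresses are being handed out again by whatever answers DHCP on the network, so deleting the registry value on the PC cannot be a lasting fix.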


Post by Doctor Inferno on 2nd May 2009, 6:34 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

