Dreaded Troj/Rustok-N


Solved Dreaded Troj/Rustok-N

Post by cody on 10th January 2009, 8:35 am

Sorry to bother you with the same problem you've messed with before... But I've tried lots of stuff to get rid of it... Spyware Doctor, True Sword, AntiVir...

I just don't know what to do anymore... Anything you could do would help loads.

My Hijack-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:59 AM, on 1/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\igfxext.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Acer\Downloads\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12789 bytes



My MBAM-

Malwarebytes' Anti-Malware 1.32
Database version: 1637
Windows 6.0.6000

1/10/2009 3:34:03 AM
mbam-log-2009-01-10 (03-34-03).txt

Scan type: Quick Scan
Objects scanned: 50096
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Solved Re: Dreaded Troj/Rustok-N

Post by Belahzur on 10th January 2009, 2:13 pm

Hello.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Now start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the "Scan for rootkit" box ticked.
  • Then tick "Disable any rootkits found".
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of C:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: Dreaded Troj/Rustok-N

Post by cody on 10th January 2009, 4:23 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.


Solved Re: Dreaded Troj/Rustok-N

Post by Belahzur on 10th January 2009, 4:25 pm

Okay, no rootkit there.
Let's take a look around.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: Dreaded Troj/Rustok-N

Post by cody on 10th January 2009, 4:38 pm

DDS (Ver_09-01-07.01) - NTFSx86
Run by Acer at 11:36:20.89 on Sat 01/10/2009
Internet Explorer: 7.0.6000.16764 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3062.1824 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe
C:\Users\Acer\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSEARCH PAGE = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Acer Tour Reminder]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\acer\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Aim6]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [Acer Tour]
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SetPanel] c:\acer\apanel\APanel.cmd
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [eRecoveryService]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\paloal~1.lnk - c:\program files\common files\palo alto software\9.0\PAS9_Update.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: line6.net
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll


Solved Re: Dreaded Troj/Rustok-N

Post by cody on 10th January 2009, 4:40 pm

================= FIREFOX ===================

FF - ProfilePath - c:\users\acer\appdata\roaming\mozilla\firefox\profiles\5dlxq1tg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\users\acer\appdata\roaming\mozilla\firefox\profiles\5dlxq1tg.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\acer\appdata\local\google\update\1.2.133.33\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-1-10 160792]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-12-18 43008]
R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-11-3 41456]
R4 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-11-3 233472]
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\drivers\AVerA310USB.sys [2007-12-18 26368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-12-18 179712]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2007-12-18 42240]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2007-12-18 202872]
S3 L6UX2;Service - Line 6 UX2;c:\windows\system32\drivers\L6UX2.sys [2008-10-24 530560]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-10 356920]

=============== Created Last 30 ================

2009-01-10 03:14 --d----- c:\users\acer\appdata\roaming\Malwarebytes
2009-01-10 03:14 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-10 03:14 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 03:14 --d----- c:\programdata\Malwarebytes
2009-01-10 03:14 --d----- c:\progra~2\Malwarebytes
2009-01-10 03:14 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 02:47 --d----- c:\users\acer\appdata\roaming\True Sword
2009-01-10 02:46 --d----- c:\program files\True Sword 5
2009-01-10 02:09 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-01-10 02:09 a-d----- c:\programdata\TEMP
2009-01-10 02:09 --d----- c:\program files\common files\PC Tools
2009-01-10 02:09 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-10 02:09 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-10 02:09 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-10 02:09 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-10 02:08 --d----- c:\users\acer\appdata\roaming\PC Tools
2009-01-10 02:08 --d----- c:\programdata\PC Tools
2009-01-10 02:08 --d----- c:\program files\Spyware Doctor
2009-01-10 02:08 --d----- c:\progra~2\PC Tools
2009-01-04 12:10 --d----- c:\program files\Xilisoft
2009-01-01 03:23 --d----- c:\program files\CCleaner
2008-12-31 16:48 --d----- c:\programdata\Propellerhead Software
2008-12-31 16:48 --d----- c:\progra~2\Propellerhead Software
2008-12-31 16:48 --d----- c:\users\acer\appdata\roaming\Propellerhead Software
2008-12-31 16:09 --d----- c:\programdata\Sonoma Wire Works
2008-12-31 16:09 --d----- c:\progra~2\Sonoma Wire Works
2008-12-30 01:19 -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-12-30 01:18 --d----- c:\programdata\WLInstaller
2008-12-25 12:50 --d----- c:\users\acer\appdata\roaming\Ableton
2008-12-25 12:50 368,640 a------- c:\windows\system32\ReWire.dll
2008-12-25 12:50 233,472 a------- c:\windows\system32\REX Shared Library.dll
2008-12-25 10:29 --d----- c:\users\acer\appdata\roaming\Line 6
2008-12-25 09:51 --d----- c:\programdata\Line 6
2008-12-25 09:51 --d----- c:\program files\common files\Digidesign
2008-12-25 09:51 --d----- c:\progra~2\Line 6
2008-12-19 03:00 1,383,424 a------- c:\windows\system32\mshtml.tlb
2008-12-18 23:24 --d----- c:\programdata\Viewpoint
2008-12-18 23:24 --d----- c:\progra~2\Viewpoint
2008-12-18 23:24 --d----- c:\program files\Viewpoint
2008-12-18 23:24 --d----- c:\programdata\acccore
2008-12-18 23:24 --d----- c:\progra~2\acccore
2008-12-18 23:23 --d----- c:\programdata\AOL OCP
2008-12-18 23:23 --d----- c:\programdata\AOL
2008-12-18 23:23 --d----- c:\program files\common files\AOL
2008-12-18 23:23 --d----- c:\program files\AIM6
2008-12-18 23:23 354 a---h--- C:\IPH.PH
2008-12-17 00:14 --d----- c:\users\acer\Incomplete
2008-12-17 00:13 --d----- c:\users\acer\appdata\roaming\LimeWire
2008-12-17 00:13 --d----- c:\program files\LimeWire
2008-12-17 00:00 --d----- c:\program files\Audacity 1.3 Beta (Unicode)
2008-12-16 16:09 --d----- c:\users\acer\Graal
2008-12-16 16:09 --dsh--- c:\users\acer\appdata\roaming\.#
2008-12-16 12:29 --d----- c:\users\acer\appdata\roaming\ooVoo Details
2008-12-16 12:29 --d----- c:\users\acer\appdata\roaming\oovooToolbar
2008-12-16 12:29 --d----- c:\program files\oovooToolbar
2008-12-16 12:29 --d----- c:\program files\ooVoo
2008-12-13 12:16 --d----- c:\users\acer\appdata\roaming\Palo Alto Software
2008-12-13 12:15 --d----- c:\program files\common files\MSSoap
2008-12-13 12:15 --d----- c:\program files\common files\Intuit
2008-12-13 12:15 --d----- c:\programdata\Palo Alto Software
2008-12-13 12:15 --d----- c:\program files\common files\Palo Alto Software
2008-12-13 12:15 --d----- c:\progra~2\Palo Alto Software
2008-12-13 12:15 --d----- c:\program files\Palo Alto Software
2008-12-13 12:14 --d----- c:\programdata\PAS
2008-12-13 12:14 --d----- c:\progra~2\PAS
2008-12-12 16:16 --d----- c:\programdata\vsosdk
2008-12-12 16:16 --d----- c:\progra~2\vsosdk
2008-12-12 15:34 87,608 a------- c:\users\acer\appdata\roaming\inst.exe
2008-12-12 15:34 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-12-12 15:34 47,360 a------- c:\users\acer\appdata\roaming\pcouffin.sys
2008-12-12 15:34 --d----- c:\program files\DVDFab 5
2008-12-12 03:01 2,048 a------- c:\windows\system32\tzres.dll
2008-12-11 18:33 827,392 a------- c:\windows\system32\L6DriverControlPanel.cpl
2008-12-11 17:13 2,923,520 a------- c:\windows\explorer.exe

==================== Find3M ====================

2009-01-01 03:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-01 03:20 51,200 a------- c:\windows\inf\infpub.dat
2008-12-30 01:26 86,016 a------- c:\windows\inf\infstor.dat
2008-12-12 03:11 174 a--sh--- c:\program files\desktop.ini
2008-12-07 22:14 1,071,243,792 a------- c:\program files\MSSetupv62N.exe
2008-12-03 09:53 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-28 04:01 268,800 a------- c:\windows\system32\es.dll
2008-11-26 15:16 665,600 a------- c:\windows\inf\drvindex.dat
2008-11-26 13:31 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2008-11-26 13:31 272,896 a------- c:\windows\system32\polstore.dll
2008-11-26 13:31 61,440 a------- c:\windows\system32\winipsec.dll
2008-11-26 13:31 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2008-11-26 13:31 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-26 13:31 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-11-26 13:31 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-11-26 13:30 194,560 a------- c:\windows\system32\WebClnt.dll
2008-11-26 13:30 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2008-11-26 13:28 1,244,672 a------- c:\windows\system32\mcmde.dll
2008-11-26 13:28 428,032 a------- c:\windows\system32\EncDec.dll
2008-11-26 13:28 292,352 a------- c:\windows\system32\psisdecd.dll
2008-11-26 13:27 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2008-11-26 13:27 41,984 a------- c:\windows\system32\drivers\monitor.sys
2008-11-26 13:26 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-11-26 13:25 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-11-26 13:25 2,027,520 a------- c:\windows\system32\win32k.sys
2008-11-26 13:25 1,194,496 a------- c:\windows\system32\msxml3.dll
2008-11-26 13:25 2,048 a------- c:\windows\system32\msxml3r.dll
2008-11-26 13:23 109,624 a------- c:\windows\system32\drivers\ataport.sys
2008-11-26 13:23 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2008-11-26 13:23 21,560 a------- c:\windows\system32\drivers\atapi.sys
2008-11-26 13:23 17,464 a------- c:\windows\system32\drivers\intelide.sys
2008-11-26 13:23 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2008-11-26 13:23 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2008-11-26 13:23 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2008-11-26 13:23 216,632 a------- c:\windows\system32\drivers\netio.sys
2008-11-26 13:23 167,424 a------- c:\windows\system32\tcpipcfg.dll
2008-11-26 13:23 24,064 a------- c:\windows\system32\netcfg.exe
2008-11-26 13:23 22,016 a------- c:\windows\system32\netiougc.exe
2008-11-26 13:20 1,585,664 a------- c:\windows\system32\setupapi.dll
2008-11-26 13:19 223,232 a------- c:\windows\system32\WMASF.DLL
2008-11-26 13:19 9,728 a------- c:\windows\system32\LAPRXY.DLL
2008-11-26 13:19 2,048 a------- c:\windows\system32\asferror.dll
2008-11-26 13:19 290,304 a------- c:\windows\system32\drivers\srv.sys
2008-11-26 13:18 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2008-11-26 13:18 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-11-26 13:18 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-11-26 13:18 441,856 a------- c:\windows\system32\win32spl.dll
2008-11-26 13:18 37,376 a------- c:\windows\system32\printcom.dll
2008-11-26 13:17 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2008-11-26 13:17 14,848 a------- c:\windows\system32\wshrm.dll
2008-11-26 13:17 11,776 a------- c:\windows\system32\sbunattend.exe
2008-11-26 13:17 83,968 a------- c:\windows\system32\dnsrslvr.dll
2008-11-26 13:17 24,576 a------- c:\windows\system32\dnscacheugc.exe
2008-11-26 13:16 130,048 a------- c:\windows\system32\drivers\srv2.sys
2008-11-26 13:16 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-11-26 13:16 84,992 a------- c:\windows\system32\drivers\srvnet.sys
2008-11-26 13:16 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
2008-11-26 13:16 148,992 a------- c:\windows\system32\drivers\ks.sys
2008-11-26 13:16 737,792 a------- c:\windows\system32\inetcomm.dll
2008-11-26 13:16 84,480 a------- c:\windows\system32\INETRES.dll
2008-11-26 13:16 1,645,568 a------- c:\windows\system32\connect.dll
2008-11-26 13:15 1,327,104 a------- c:\windows\system32\quartz.dll
2008-11-26 13:14 3,505,208 a------- c:\windows\system32\ntkrnlpa.exe
2008-11-26 13:14 3,470,904 a------- c:\windows\system32\ntoskrnl.exe
2008-11-26 13:14 1,341,440 a------- c:\windows\system32\msxml6.dll
2008-11-26 13:13 2,048 a------- c:\windows\system32\msxml6r.dll
2008-11-26 12:33 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-11-26 12:32 83,456 a------- c:\windows\system32\wudriver.dll
2008-11-26 12:32 162,064 a------- c:\windows\system32\wuwebv.dll
2008-11-26 12:32 31,232 a------- c:\windows\system32\wuapp.exe
2008-11-03 21:31 319,456 a------- c:\windows\DIFxAPI.dll
2008-11-03 21:31 315,392 a------- c:\windows\HideWin.exe
2008-10-31 22:33 1,687,040 a------- c:\windows\system32\gameux.dll
2008-10-31 22:33 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 22:33 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 22:33 537,600 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 22:33 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 22:33 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-31 22:33 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-10-31 18:38 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-31 18:23 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-10-24 17:29 167,936 a------- c:\windows\system32\l6ux2.dll
2008-10-21 00:16 297,472 a------- c:\windows\system32\gdi32.dll
2008-10-15 23:40 826,368 a------- c:\windows\system32\wininet.dll
2008-10-15 23:40 56,320 a------- c:\windows\system32\iesetup.dll
2008-10-15 23:40 26,624 a------- c:\windows\system32\ieUnatt.exe
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:37:06.38 ===============

Re: Dreaded Troj/Rustok-N

Post by Belahzur on 10th January 2009, 4:52 pm

I'm not seeing any signs of a rootkit here.
Still having problems?



Re: Dreaded Troj/Rustok-N

Post by cody on 10th January 2009, 5:01 pm

It just decided it didn't want to be there anymore =\
Thanks a lot for whatever you did.. I appreciate it. =]


Re: Dreaded Troj/Rustok-N

Post by Belahzur on 10th January 2009, 5:07 pm

Please delete the avenger and DDS.



Re: Dreaded Troj/Rustok-N

Post by cody on 10th January 2009, 5:23 pm

Will do, good sir. Thanks a lot for all you've done! =]


Re: Dreaded Troj/Rustok-N

Post by Doctor Inferno on 2nd March 2009, 10:03 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

