WiredWX Hobby Weather ToolsLog in

 


descriptionSolvedTroj/Rustok-N

more_horiz
Same story as everyone else, certain websites tell me something like "Your computer (IP: xx.xxx.xx.xxx) generates an attacking DOS requests at our servers caused by the spyware/virus named 'Troj/Rustok-N" I have read and gone through all the other topics concerning Troj/Rustok-N, but I still need help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:48 PM, on 1/3/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\livecall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5474
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5474
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5474
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\Windows\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AntiMalwareProMFCT] C:\Program Files\AntiMalwarePro\AntiMalwarePro.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

descriptionSolvedRe: Troj/Rustok-N

more_horiz
Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [AntiMalwareProMFCT] C:\Program Files\AntiMalwarePro\AntiMalwarePro.exe


  • Press "Fix Checked"
  • Close Hijack This.


Delete this folder in bold:
C:\Program Files\AntiMalwarePro

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionSolvedRe: Troj/Rustok-N

more_horiz
Malwarebytes' Anti-Malware 1.31
Database version: 1604
Windows 6.0.6000

1/3/2009 7:16:25 PM
mbam-log-2009-01-03 (19-16-25).txt

Scan type: Quick Scan
Objects scanned: 47153
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\System32\msqpdxfxxnhtmg.dll (Trojan.TDSS) -> Delete on reboot.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\drivers\msqpdxdhhbwntm.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\drivers\msqpdxjiedgcmp.sys (Trojan.Agent) -> Quarantined and deleted successfully.

descriptionSolvedRe: Troj/Rustok-N

more_horiz
Okay, lets see what remains.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste the report back here.

descriptionSolvedRe: Troj/Rustok-N

more_horiz
DDS (Version 1.1.0) - NTFSx86
Run by Astrobiologist at 21:56:11.79 on Sat 01/03/2009
Internet Explorer: 7.0.6000.16764
Microsoft®️ Windows Vista™️ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1076 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Astrobiologist\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5474
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5474
uInternet Settings,ProxyOverride =
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5474
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /RunOnce
mPolicies-system: EnableLUA = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\astrob~1\appdata\roaming\mozilla\firefox\profiles\3i4ninds.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2007-5-28 147328]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-01-03 21:25 --d----- c:\program files\common files\Symantec Shared
2009-01-03 21:25 --d----- c:\program files\Norton Security Scan
2009-01-03 19:19 0 a------- c:\windows\system32\MSVolume.dll
2009-01-03 19:09 --d----- c:\users\astrob~1\appdata\roaming\Malwarebytes
2009-01-03 19:09 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-03 19:08 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 19:08 --d----- c:\programdata\Malwarebytes
2009-01-03 19:08 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 19:08 --d----- c:\progra~2\Malwarebytes
2009-01-03 16:21 --d----- c:\windows\nvtmpinst
2009-01-03 06:25 --d----- c:\windows\system32\Adobe
2009-01-01 20:55 --d----- c:\program files\Lavalys
2009-01-01 00:43 --d----- c:\windows\system32\AGEIA
2009-01-01 00:29 --d----- c:\windows\nvidia icons
2009-01-01 00:20 --d----- C:\NVIDIA
2009-01-01 00:03 3,863,497 a------- c:\windows\system32\nvlddmkm.sy_
2008-12-31 23:44 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-31 22:57 --d----- c:\program files\DriverCleanerDotNET
2008-12-31 22:10 --d----- c:\programdata\Avira
2008-12-31 22:10 --d----- c:\program files\Avira
2008-12-31 22:10 --d----- c:\progra~2\Avira
2008-12-31 21:19 --d----- c:\program files\Trend Micro
2008-12-31 20:50 --d----- C:\sav_install
2008-12-31 15:09 --d----- c:\program files\PowerISO
2008-12-30 12:39 31 a------- c:\users\astrobiologist\jagex_runescape_preferences.dat
2008-12-30 12:38 --d----- c:\windows\.jagex_cache_32
2008-12-29 19:32 --d----- c:\programdata\Media Center Programs
2008-12-29 19:32 --d----- c:\progra~2\Media Center Programs
2008-12-29 19:23 25 a------- c:\windows\cdplayer.ini
2008-12-28 23:21 --d----- c:\programdata\Pinnacle Studio Ultimate
2008-12-28 23:21 --d----- c:\progra~2\Pinnacle Studio Ultimate
2008-12-28 23:19 --d----- c:\programdata\Studio 12
2008-12-28 23:19 --d----- c:\programdata\Pinnacle Studio Plus
2008-12-28 23:19 --d----- c:\program files\Pinnacle
2008-12-28 23:19 --d----- c:\program files\common files\Yahoo!
2008-12-28 23:19 --d----- c:\progra~2\Studio 12
2008-12-28 23:19 --d----- c:\progra~2\Pinnacle Studio Plus
2008-12-28 23:15 --d----- c:\programdata\Pinnacle
2008-12-27 22:33 --d----- c:\users\astrob~1\appdata\roaming\.purple
2008-12-27 22:33 --d----- c:\program files\Pidgin
2008-12-27 22:33 --d----- c:\program files\common files\GTK
2008-12-27 18:39 --d----- c:\programdata\PC Drivers HeadQuarters
2008-12-27 18:39 --d----- c:\progra~2\PC Drivers HeadQuarters
2008-12-27 18:39 --d----- c:\program files\PC Drivers HeadQuarters
2008-12-27 02:37 56 a---h--- c:\windows\system32\ezsidmv.dat
2008-12-27 02:36 --d----- c:\program files\Skype
2008-12-27 02:36 --d----- c:\programdata\Skype
2008-12-27 00:58 --d----- c:\program files\Lavasoft
2008-12-27 00:58 --d----- c:\programdata\Lavasoft
2008-12-27 00:28 --d----- c:\program files\Ventrilo
2008-12-27 00:28 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-27 00:23 208,469,513 a------- c:\windows\MEMORY.DMP
2008-12-26 23:57 255 ---shr-- C:\autorun.inf
2008-12-26 23:30 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2008-12-26 23:30 61,440 a------- c:\windows\system32\winipsec.dll
2008-12-26 23:30 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2008-12-26 23:30 272,896 a------- c:\windows\system32\polstore.dll
2008-12-26 23:28 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-12-26 23:28 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-12-26 23:28 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-12-26 23:28 205,824 a------- c:\windows\system32\msoeacct.dll
2008-12-26 23:28 87,040 a------- c:\windows\system32\msoert2.dll
2008-12-26 23:28 39,424 a------- c:\windows\system32\ACCTRES.dll
2008-12-26 23:26 194,560 a------- c:\windows\system32\WebClnt.dll
2008-12-26 23:26 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2008-12-26 23:24 1,244,672 a------- c:\windows\system32\mcmde.dll
2008-12-26 23:24 428,032 a------- c:\windows\system32\EncDec.dll
2008-12-26 23:24 292,352 a------- c:\windows\system32\psisdecd.dll
2008-12-26 23:24 217,088 a------- c:\windows\system32\psisrndr.ax
2008-12-26 23:24 177,152 a------- c:\windows\system32\mpg2splt.ax
2008-12-26 23:24 80,896 a------- c:\windows\system32\MSNP.ax
2008-12-26 23:24 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2008-12-26 23:24 57,856 a------- c:\windows\system32\MSDvbNP.ax
2008-12-26 23:24 376,320 a------- c:\windows\system32\winsrv.dll
2008-12-26 23:24 49,664 a------- c:\windows\system32\csrsrv.dll
2008-12-26 23:22 297,472 a------- c:\windows\system32\gdi32.dll
2008-12-26 23:21 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2008-12-26 23:21 41,984 a------- c:\windows\system32\drivers\monitor.sys
2008-12-26 23:19 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-12-26 23:18 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-26 23:18 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-26 23:18 1,687,040 a------- c:\windows\system32\gameux.dll
2008-12-26 23:17 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-12-26 23:16 2,027,520 a------- c:\windows\system32\win32k.sys
2008-12-26 23:15 1,194,496 a------- c:\windows\system32\msxml3.dll
2008-12-26 23:15 2,048 a------- c:\windows\system32\msxml3r.dll
2008-12-26 23:14 414,208 a------- c:\windows\system32\msscp.dll
2008-12-26 23:14 8,147,968 a------- c:\windows\system32\wmploc.DLL
2008-12-26 23:14 7,680 a------- c:\windows\system32\spwmp.dll
2008-12-26 23:14 4,096 a------- c:\windows\system32\dxmasf.dll
2008-12-26 23:14 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2008-12-26 23:14 4,096 a------- c:\windows\system32\msdxm.ocx
2008-12-26 23:13 396,800 a------- c:\windows\system32\MPSSVC.dll
2008-12-26 23:13 392,192 a------- c:\windows\system32\FirewallAPI.dll
2008-12-26 23:13 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2008-12-26 23:13 178,688 a------- c:\windows\system32\iphlpsvc.dll
2008-12-26 23:13 86,016 a------- c:\windows\system32\icfupgd.dll
2008-12-26 23:13 61,952 a------- c:\windows\system32\cmifw.dll
2008-12-26 23:13 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2008-12-26 23:13 16,896 a------- c:\windows\system32\wfapigp.dll
2008-12-26 23:13 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2008-12-26 23:08 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2008-12-26 23:08 21,560 a------- c:\windows\system32\drivers\atapi.sys
2008-12-26 23:08 15,928 a------- c:\windows\system32\drivers\pciide.sys
2008-12-26 23:08 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2008-12-26 23:08 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2008-12-26 23:08 109,624 a------- c:\windows\system32\drivers\ataport.sys
2008-12-26 23:08 2,923,520 a------- c:\windows\explorer.exe
2008-12-26 23:05 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2008-12-26 23:05 216,632 a------- c:\windows\system32\drivers\netio.sys
2008-12-26 23:05 167,424 a------- c:\windows\system32\tcpipcfg.dll
2008-12-26 23:05 24,064 a------- c:\windows\system32\netcfg.exe
2008-12-26 23:05 22,016 a------- c:\windows\system32\netiougc.exe
2008-12-26 23:02 1,585,664 a------- c:\windows\system32\setupapi.dll
2008-12-26 23:00 223,232 a------- c:\windows\system32\WMASF.DLL
2008-12-26 23:00 9,728 a------- c:\windows\system32\LAPRXY.DLL
2008-12-26 23:00 2,048 a------- c:\windows\system32\asferror.dll
2008-12-26 23:00 290,304 a------- c:\windows\system32\drivers\srv.sys
2008-12-26 23:00 566,784 a------- c:\windows\system32\SLCommDlg.dll
2008-12-26 23:00 268,288 a------- c:\windows\system32\mcbuilder.exe
2008-12-26 23:00 223,232 a------- c:\windows\system32\SLC.dll

descriptionSolvedRe: Troj/Rustok-N

more_horiz
2008-12-26 23:00 33,280 a------- c:\windows\system32\slwmi.dll
2008-12-26 23:00 2,605,568 a------- c:\windows\system32\SLsvc.exe
2008-12-26 23:00 351,232 a------- c:\windows\system32\SLUI.exe
2008-12-26 23:00 186,368 a------- c:\windows\system32\SLLUA.exe
2008-12-26 23:00 57,856 a------- c:\windows\system32\SLUINotify.dll
2008-12-26 23:00 39,936 a------- c:\windows\system32\slcinst.dll
2008-12-26 22:59 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2008-12-26 22:59 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-12-26 22:59 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-12-26 22:57 11,776 a------- c:\windows\system32\sbunattend.exe
2008-12-26 22:56 1,327,104 a------- c:\windows\system32\quartz.dll
2008-12-26 22:44 1,383,424 a------- c:\windows\system32\mshtml.tlb
2008-12-26 22:42 2,048 a------- c:\windows\system32\tzres.dll
2008-12-26 22:40 53,760 a------- c:\windows\system32\drivers\hdaudbus.sys
2008-12-26 22:38 788,992 a------- c:\windows\system32\rpcrt4.dll
2008-12-26 22:37 737,792 a------- c:\windows\system32\inetcomm.dll
2008-12-26 22:37 84,480 a------- c:\windows\system32\INETRES.dll
2008-12-26 22:35 1,645,568 a------- c:\windows\system32\connect.dll
2008-12-26 22:34 152,576 a------- c:\windows\system32\imagehlp.dll
2008-12-26 22:34 12,800 a------- c:\windows\system32\drivers\fs_rec.sys
2008-12-26 22:34 5,120 a------- c:\windows\system32\wmi.dll
2008-12-26 22:33 --d----- c:\program files\MSXML 4.0
2008-12-26 22:32 99,840 a------- c:\windows\system32\poqexec.exe
2008-12-26 22:31 3,505,208 a------- c:\windows\system32\ntkrnlpa.exe
2008-12-26 22:31 3,470,904 a------- c:\windows\system32\ntoskrnl.exe
2008-12-26 22:31 633,856 a------- c:\windows\system32\user32.dll
2008-12-26 22:30 1,341,440 a------- c:\windows\system32\msxml6.dll
2008-12-26 22:30 2,048 a------- c:\windows\system32\msxml6r.dll
2008-12-26 22:27 750,080 a------- c:\windows\system32\qmgr.dll
2008-12-26 22:17 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2008-12-26 22:15 --d----- c:\windows\system32\directx
2008-12-26 21:56 --d----- c:\programdata\NVIDIA
2008-12-26 21:52 --d----- c:\program files\common files\Wise Installation Wizard
2008-12-26 21:45 78,093 a------- c:\windows\War3Unin.dat
2008-12-26 21:45 139,264 a------- c:\windows\War3Unin.exe
2008-12-26 21:45 2,829 a------- c:\windows\War3Unin.pif
2008-12-26 21:43 --d----- c:\program files\SystemRequirementsLab
2008-12-26 21:27 986,624 a------- c:\windows\system32\drivers\HSX_DPV.sys
2008-12-26 21:27 659,968 a------- c:\windows\system32\drivers\HSX_CNXT.sys
2008-12-26 21:27 386,560 a------- c:\windows\system32\drivers\XAudio.exe
2008-12-26 21:27 258,048 a------- c:\windows\system32\drivers\HSXHWBS2.sys
2008-12-26 21:27 172,032 a------- c:\windows\system32\Uci32114.dll
2008-12-26 21:27 144,201 a------- c:\windows\system32\drivers\HSFProf.cty
2008-12-26 21:27 94,208 a------- c:\windows\system32\mdmxsdk.dll
2008-12-26 21:27 12,672 a------- c:\windows\system32\drivers\mdmxsdk.sys
2008-12-26 21:27 8,192 a------- c:\windows\system32\drivers\XAudio.sys
2008-12-26 21:27 --d----- c:\windows\I386
2008-12-26 21:24 --d----- c:\windows\SMINST
2008-12-26 20:39 --d----- c:\program files\common files\xing shared
2008-12-26 20:39 499,712 a------- c:\windows\system32\msvcp71.dll
2008-12-26 20:39 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-26 20:39 --d----- c:\program files\common files\Real
2008-12-26 20:13 --d----- c:\program files\CryptLoad
2008-12-26 20:10 --d----- c:\program files\VideoLAN
2008-12-26 20:07 129,784 -------- c:\windows\system32\pxafs.dll
2008-12-26 20:03 --d----- c:\program files\uTorrent
2008-12-26 20:03 --d----- c:\users\astrob~1\appdata\roaming\uTorrent
2008-12-26 19:57 --d----- c:\program files\common files\Software Update Utility
2008-12-26 19:57 --d----- c:\programdata\AIM Toolbar
2008-12-26 19:57 --d----- c:\program files\AIM Toolbar
2008-12-26 19:57 --d----- c:\progra~2\AIM Toolbar
2008-12-26 19:57 --d----- c:\programdata\Viewpoint
2008-12-26 19:57 --d----- c:\progra~2\Viewpoint
2008-12-26 19:57 --d----- c:\program files\Viewpoint
2008-12-26 19:57 --d----- c:\programdata\acccore
2008-12-26 19:57 --d----- c:\progra~2\acccore
2008-12-26 19:57 --d----- c:\programdata\AOL OCP
2008-12-26 19:57 --d----- c:\programdata\AOL
2008-12-26 19:56 --d----- c:\program files\common files\AOL
2008-12-26 19:56 --d----- c:\program files\AIM6
2008-12-26 19:56 357 a---h--- C:\IPH.PH
2008-12-26 19:55 -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-12-26 19:54 --d----- c:\programdata\WLInstaller
2008-12-26 19:51 --d----- c:\program files\Guild Wars
2008-12-26 19:32 --d----- c:\users\Astrobiologist
2008-12-26 19:19 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-26 19:18 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-26 19:18 31,232 a------- c:\windows\system32\wuapp.exe
2008-12-26 19:18 --dsh--- c:\programdata\Documents
2008-12-26 19:18 --dsh--- C:\Documents and Settings
2008-12-26 19:06 --dsh--- C:\$RECYCLE.BIN
2008-12-26 19:05 974,336 a------- c:\windows\system32\crypt32.dll
2008-12-26 19:04 104,448 a------- c:\windows\system32\DWWIN.EXE
2008-12-26 19:03 74,752 a------- c:\windows\system32\drivers\rasl2tp.sys
2008-12-26 19:03 60,928 a------- c:\windows\system32\drivers\raspptp.sys
2008-12-26 19:02 135,680 a------- c:\windows\system32\wusa.exe
2008-12-26 19:01 229,888 a------- c:\windows\system32\msshsq.dll
2008-12-26 18:58 223,744 a------- c:\windows\system32\drivers\usbport.sys
2008-12-26 18:58 191,488 a------- c:\windows\system32\drivers\usbhub.sys
2008-12-26 18:58 38,400 a------- c:\windows\system32\drivers\usbehci.sys
2008-12-26 18:58 19,456 a------- c:\windows\system32\drivers\usbohci.sys
2008-12-26 18:58 8,704 a------- c:\windows\system32\hccoin.dll
2008-12-26 18:58 5,888 a------- c:\windows\system32\drivers\usbd.sys
2008-12-26 18:57 500,224 a------- c:\windows\system32\msdtcprx.dll
2008-12-26 18:57 30,208 a------- c:\windows\system32\xolehlp.dll
2008-12-26 18:54 --d----- c:\programdata\McAfee
2008-12-26 18:54 12,840 a------- c:\windows\BigFixClientOverride.dll
2008-12-26 18:54 --d----- c:\program files\BigFix
2008-12-26 18:54 --d----- C:\Documents
2008-12-26 18:54 --d----- c:\programdata\Napster
2008-12-26 18:54 --d----- c:\progra~2\Napster
2008-12-26 18:53 --d----- C:\google
2008-12-26 18:53 --d----- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-26 18:53 --d----- c:\progra~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-26 18:53 --d----- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2008-12-26 18:53 --d----- c:\program files\NetZero
2008-12-26 18:52 --d----- c:\program files\Acceller
2008-12-26 18:52 --d----- c:\program files\Microsoft Money 2006
2008-12-26 18:51 --d----- c:\program files\AOL 9.0
2008-12-26 18:51 69,632 a------- c:\windows\system32\javacpl.cpl
2008-12-26 18:51 4 a------- c:\windows\Pix11.dat
2008-12-26 18:51 --d----- c:\program files\Microsoft Digital Image 2006
2008-12-26 18:51 0 a------- c:\windows\system32\drivers\Gateway_GM5474_MCP61PM-AM_CCX7631005718.MRK
2008-12-26 18:51 0 a------- c:\windows\system32\drivers\Gateway_GM5474_MCP61PM-AM_0000000000.MRK
2008-12-26 18:50 --d-h--- c:\windows\msdownld.tmp
2008-12-26 18:50 --d----- c:\programdata\Google
2008-12-26 18:49 32,592 a------- c:\windows\system32\msonpmon.dll
2008-12-26 18:49 --d----- c:\windows\PCHEALTH
2008-12-26 18:47 --d----- c:\programdata\Microsoft Help
2008-12-26 18:46 --d----- c:\programdata\Adobe
2008-12-26 18:46 --d----- c:\programdata\Windows
2008-12-26 18:46 --d----- c:\progra~2\Windows
2008-12-26 18:46 --d----- c:\program files\MSN Encarta Plus
2008-12-26 18:45 --d----- C:\Graphics
2008-12-26 18:45 24,536 a------- c:\windows\system32\gateway.bmp
2008-12-26 18:45 --d----- c:\program files\AMDLive
2008-12-26 18:45 --d----- c:\program files\Gateway
2008-12-26 18:42 --d----- c:\program files\Digital Media Reader
2008-12-26 18:42 --d----- c:\program files\Gateway Games
2008-12-26 18:42 --d----- c:\programdata\WildTangent
2008-12-26 18:42 --d----- c:\progra~2\WildTangent
2008-12-26 18:41 --d----- c:\windows\Downloaded Installations
2008-12-26 18:41 --d----- c:\windows\system32\RTCOM
2008-12-26 18:40 --d----- c:\program files\Realtek
2008-12-26 18:38 --d----- c:\program files\Marvell
2008-12-26 18:38 --dsh--- c:\windows\Installer
2008-12-26 18:38 2 ---shr-- C:\USER
2008-12-26 18:35 --d----- c:\program files\CONEXANT

==================== Find3M ====================

2009-01-03 16:21 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-03 16:21 51,200 a------- c:\windows\inf\infpub.dat
2009-01-01 00:41 86,016 a------- c:\windows\inf\infstor.dat
2008-12-26 23:36 174 a--sh--- c:\program files\desktop.ini
2008-12-26 23:31 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-26 23:27 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2008-12-26 23:27 258,232 a------- c:\windows\system32\drivers\acpi.sys
2008-12-26 23:27 28,344 a------- c:\windows\system32\drivers\battc.sys
2008-12-26 23:27 24,064 a------- c:\windows\system32\wtsapi32.dll
2008-12-26 23:27 20,920 a------- c:\windows\system32\drivers\compbatt.sys
2008-12-26 23:27 542,720 a------- c:\windows\system32\sysmain.dll
2008-12-26 23:27 502,784 a------- c:\windows\system32\wlansvc.dll
2008-12-26 23:27 297,984 a------- c:\windows\system32\wlansec.dll
2008-12-26 23:27 290,816 a------- c:\windows\system32\wlanmsm.dll
2008-12-26 23:27 67,584 a------- c:\windows\system32\wlanhlp.dll
2008-12-26 23:27 47,104 a------- c:\windows\system32\wlanapi.dll
2008-12-26 23:18 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-12-26 23:18 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2008-12-26 23:18 537,600 a------- c:\windows\apppatch\AcLayers.dll
2008-12-26 23:18 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2008-12-26 23:18 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-12-26 23:18 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-12-26 23:06 826,368 a------- c:\windows\system32\wininet.dll
2008-12-26 23:06 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-12-26 23:06 56,320 a------- c:\windows\system32\iesetup.dll
2008-12-26 23:01 905,400 a------- c:\windows\system32\winresume.exe
2008-12-26 22:58 269,824 a------- c:\windows\system32\schannel.dll
2008-12-26 22:57 83,968 a------- c:\windows\system32\dnsrslvr.dll
2008-12-26 22:57 24,576 a------- c:\windows\system32\dnscacheugc.exe
2008-12-26 22:57 2,855,424 a------- c:\windows\system32\mf.dll
2008-12-26 22:57 98,816 a------- c:\windows\system32\mfps.dll
2008-12-26 22:57 52,736 a------- c:\windows\system32\rrinstaller.exe
2008-12-26 22:57 24,576 a------- c:\windows\system32\mfpmp.exe
2008-12-26 22:57 2,048 a------- c:\windows\system32\mferror.dll
2008-12-26 22:57 94,720 a------- c:\windows\system32\logagent.exe
2008-12-26 22:57 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-26 22:57 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-12-26 22:57 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
2008-12-26 22:57 130,048 a------- c:\windows\system32\drivers\srv2.sys
2008-12-26 22:57 84,992 a------- c:\windows\system32\drivers\srvnet.sys
2008-12-26 19:03 160,872 a------- c:\windows\system32\halmacpi.dll
2008-12-26 19:03 134,760 a------- c:\windows\system32\halacpi.dll
2008-12-26 18:40 319,456 a------- c:\windows\DIFxAPI.dll
2008-12-26 18:40 315,392 a------- c:\windows\HideWin.exe
2008-12-02 23:11 1,560,576 a------- c:\windows\system32\nvcuda.dll
2008-12-02 23:11 1,286,144 a------- c:\windows\system32\nvsvs.dll
2008-12-02 23:11 801,312 a------- c:\windows\system32\nvcplui.exe
2008-12-02 23:11 122,880 a------- c:\windows\system32\nvcod135.dll
2008-12-02 23:11 4,160 a------- c:\windows\system32\drivers\nvBridge.kmd
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-13 09:56 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-10-10 04:52 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2008-10-10 04:52 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2008-10-10 04:52 452,440 a------- c:\windows\system32\d3dx10_40.dll
2008-10-07 13:33 795,104 a------- c:\windows\system32\dpinst.exe
2008-10-07 13:33 704,512 a------- c:\windows\system32\nvsvsr.dll
2008-10-07 13:33 122,880 a------- c:\windows\system32\nvcod134.dll
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:56:48.29 ===============

descriptionSolvedRe: Troj/Rustok-N

more_horiz
Hello.

Please download the Pocket Killbox from HERE

1. Open the Killbox.
2. Under "Full path of file to delete", copy and paste in the following:

c:\windows\system32\MSVolume.dll

3. Press the Red X to delete the file.
4. It will ask if you want to make a backup of the file we deleted, select Yes to the prompt.
5. It will now delete the file, and popup with another prompt saying so, press Ok.
6. Close the Killbox.

I see you have Viewpoint Manager, this is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

I suggest you remove the program now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
Now lets make sure that Viewpoint is fully gone from the system.

  • Next, please download ViewpointKiller by Prm753 from here.
  • Save it to a permanent folder (such as C:/ViewpointKiller) and unzip it there.
  • Open ViewpointKiller, and press the Start button.
  • A log will be produced in the same folder where you unzipped it to. Please post the contents of that log in your reply.

descriptionSolvedRe: Troj/Rustok-N

more_horiz
----------------------------------
ViewpointKiller Version 1.30 (beta)

The removal process was started on Sat Jan 03 22:07:26 2009

Preparing to remove Viewpoint Media Player...



Warning accepted, beginning removal process....



ViewpointKiller determined that "aim.exe" was not running.

ViewpointKiller was able to close "aim6.exe" successfully.

ViewpointKiller was able to close "aolsoftware.exe" successfully.

ViewpointKiller determined that "aol.exe" was not running.

ViewpointKiller determined that "MtsAxInstaller.exe" was not running.



Preparing to close the Viewpoint Manager Service if it is running...

Closing "Viewpoint Manager Service" failed, or the service is not running.





Searching for all known Viewpoint Media Player registry values and keys...

Found and removed: SOFTWARE\Viewpoint

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Found and removed: SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Found and removed: CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Found and removed: CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Finished searching for and removing all known Viewpoint Media Player registry values and keys.



Searching for all known Viewpoint Media Player files and folders...

There was an error removing C:\Program Files\Viewpoint\Viewpoint Media Player. The error returned was 124.

There was an error removing C:\Program Files\Viewpoint\Viewpoint Experience Technology. The error returned was 124.

Could not delete: C:\ProgramData\Application Data\Viewpoint

There was an error removing C:\ProgramData.WINDOWS\Application Data\Viewpoint. The error returned was 124.

There was an error removing C:\Program Files\Viewpoint\Common. The error returned was 124.

Finished searching for and removing all known Viewpoint Media Player files and folders.



Finished reporting.

----------------------------------
----------------------------------
ViewpointKiller Version 1.30 (beta)

The removal process was started on Sat Jan 03 22:07:39 2009

Preparing to remove Viewpoint Manager...



ViewpointKiller determined that "viewmgr.exe" was not running.

Searching for all known Viewpoint Manager registry values and keys...

Finished searching for and removing all known Viewpoint Manager registry values and keys.



Searching for all known Viewpoint Manager files and folders...

There was an error removing C:\Program Files\Viewpoint\Viewpoint Manager. The error returned was 124.

Could not delete: C:\ProgramData\Application Data\Viewpoint

Finished searching for and removing all known Viewpoint Manager files and folders.



Finished reporting.

----------------------------------
----------------------------------
ViewpointKiller Version 1.30 (beta)

The removal process was started on Sat Jan 03 22:07:41 2009

Preparing to remove Viewpoint Toolbar...



ViewpointKiller determined that "FotomatDeviceConnect.exe" was not running.

ViewpointKiller determined that "iexplore.exe" was not running.



Searming for all known Viewpoint Toolbar registry values and keys...

Finished searching for and removing all known Viewpoint Toolbar registry values and keys.



Searching for all known Viewpoint Toolbar files and folders...

There was an error removing C:\Program Files\Viewpoint\Viewpoint Toolbar V35. The error returned was 124.

Could not delete: C:\Users\Astrobiologist\Local Settings\Application Data\Viewpoint

Could not delete: C:\ProgramData\Desktop\Fotomat.lnk

There was an error removing C:\Program Files\Viewpoint\Viewpoint Toolbar. The error returned was 124.

Could not delete: C:\ProgramData\Application Data\Viewpoint

There was an error removing C:\Program Files\Common Files\Viewpoint\Toolbar Runtime. The error returned was 124.

Finished searching for and removing all known Viewpoint Toolbar files and folders.



Finished reporting.

----------------------------------

descriptionSolvedRe: Troj/Rustok-N

more_horiz
Belahzur, I have a question if you don't mind. Is there any type of Malware that could possibly cause Display Driver failure? For instance, I'll be playing a game and after a few minutes it will start glitching and freeze. Afterwards, an error will pop-up saying something like "Display driver has stopped working and has successfully recovered". Are you familiar with this?

By the way, thanks for all the help so far. I really appreciate it.

descriptionSolvedRe: Troj/Rustok-N

more_horiz
No, haven't heard of that before, a virus would slow the machine down, but would speed back up after removal.
Best posting in the hardware forum for that help, but as for here, what problems remain?

descriptionSolvedRe: Troj/Rustok-N

more_horiz
Belahzur wrote:
No, haven't heard of that before, a virus would slow the machine down, but would speed back up after removal.
Best posting in the hardware forum for that help, but as for here, what problems remain?


Seems all the malware is gone, I am no longer getting that message. Thank you so much! Hooray!

descriptionSolvedRe: Troj/Rustok-N

more_horiz
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

descriptionSolvedRe: Troj/Rustok-N

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum