08-13-2007, 01:13 AM   #12
Mortson
Registered User
 
Join Date: Aug 2007
Posts: 44
OS: XP Home


Re: Win32/Rustock.gen!C help needed please!!!

OneCare only alerts me when the computer crashes, and the computer hasn't crashed since before I started the thread.

I sent you a file like you said, but in your previous post you said you wanted the last ComboFix log, so here it is.


ComboFix 07-08-12.5 - "Joshua" 2007-08-12 18:50:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.227 [GMT 1:00]

ADS removed - system32: deleted 55004 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\FTPx.dll


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 18:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 08:20 <DIR> d-------- C:\Program Files\Arcane Light Messenger Tools 4.1
2007-08-09 08:19 <DIR> d-------- C:\Program Files\Download Manager
2007-08-08 12:17 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(6).sys
2007-08-08 09:10 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(7).sys
2007-08-08 07:55 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(8).sys
2007-08-07 08:59 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(9).sys
2007-08-04 18:18 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(10).sys
2007-08-04 13:53 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(11).sys
2007-08-04 10:51 5,505,024 --a------ C:\DOCUME~1\Joshua\ntuser.dat
2007-08-01 07:13 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2007-07-28 18:57 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-28 16:28 <DIR> d-------- C:\Program Files\NCH Software
2007-07-28 16:16 <DIR> d-------- C:\Program Files\YouTube Video Downloader
2007-07-19 21:44 <DIR> d-------- C:\Program Files\Chronograph
2007-07-16 19:04 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-16 19:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-16 19:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-12 07:24 <DIR> d-------- C:\Program Files\AnalogX
2007-07-12 07:19 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2007-07-12 07:19 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2007-07-12 07:19 <DIR> d-------- C:\Program Files\Acoustica DJ Twist And Burn
2007-07-12 07:19 <DIR> d-------- C:\DOCUME~1\Joshua\APPLIC~1\Acoustica
2007-07-12 07:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 18:54 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\OpenOffice.org2
2007-08-12 17:00 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-08-10 21:57 --------- d-------- C:\Program Files\CRB
2007-08-09 18:00 --------- d-------- C:\Program Files\NCH Swift Sound
2007-08-09 10:08 --------- d-------- C:\Program Files\GameSpy Arcade
2007-08-09 08:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 08:13 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\IGN_DLM
2007-08-08 13:03 --------- d-------- C:\Program Files\eMule
2007-08-01 17:06 --------- d-------- C:\Program Files\FST Calculator
2007-07-28 19:15 --------- d-------- C:\Program Files\Gpotato
2007-07-22 22:04 --------- d-------- C:\Program Files\Google
2007-07-09 17:52 --------- d-------- C:\Program Files\Winamp
2007-07-09 17:09 80 -r-hs---- C:\WINDOWS\system32\57906271A7.dll
2007-07-09 17:09 --------- d-------- C:\Program Files\Amond Software
2007-07-08 09:34 --------- d-------- C:\Program Files\Activision
2007-07-05 17:50 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\Reno 911 Paintball
2007-06-30 18:33 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-29 19:37 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\NCH Swift Sound
2007-06-26 17:26 --------- d-------- C:\Program Files\TalkTalk
2007-06-26 17:26 --------- d-------- C:\Program Files\SupportSoft
2007-06-26 17:26 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-26 16:39 --------- d-------- C:\Program Files\Common Files\AVSMedia
2007-06-25 19:58 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\MSN6
2007-06-24 17:51 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\Hewlett-Packard
2007-06-24 09:26 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(3).sys
2007-06-21 16:27 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(4).sys
2007-06-20 17:21 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(5).sys
2007-06-19 17:04 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(2).sys
2007-06-13 21:24 --------- d-------- C:\Program Files\Canon
2007-06-11 22:15 203264 --a------ C:\WINDOWS\system32\MCW32.DLL
2007-06-07 22:17 876032 --a------ C:\WINDOWS\system32\VFP6RENU.DLL
2007-06-07 22:17 69632 --a------ C:\WINDOWS\system32\DZSTACTX.DLL
2007-06-07 22:17 6656 --a------ C:\WINDOWS\system32\FOXHHELPPS.DLL
2007-06-07 22:17 61440 --a------ C:\WINDOWS\system32\WWIPSTUF.DLL
2007-06-07 22:17 3373328 --a------ C:\WINDOWS\system32\VFP6R.DLL
2007-06-07 22:17 26112 --a------ C:\WINDOWS\system32\FOXHHELP.EXE
2007-06-07 22:17 24990 --a------ C:\WINDOWS\system32\VFP6RUN.EXE
2007-06-07 22:17 249856 --a------ C:\WINDOWS\system32\DZACTX.DLL
2007-06-07 22:17 229376 --a------ C:\WINDOWS\system32\DUZACTX.DLL
2007-06-07 22:17 120056 --a------ C:\WINDOWS\system32\PINGX.DLL
2007-06-07 22:17 118784 --a------ C:\WINDOWS\system32\RASX.DLL
2007-05-16 16:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:34]
"nForce Tray Options"="sstray.exe" [2002-12-05 13:23 C:\WINDOWS\system32\sstray.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-25 01:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2005-08-16 00:12]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-08 19:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57]
"Chronograph"="C:\Program Files\Chronograph\chrono.exe" [2007-04-24 22:38]

C:\Documents and Settings\Joshua\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 17:45:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-02-10 15:11:08]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 0258]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32]

R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S2 Install Driver Table Manager;Install Driver Manager;"C:\WINDOWS\wpablan.exe"
S2 MsaSvc;Microsoft authenticate service;C:\WINDOWS\System32\msasvc.exe
S3 dump_wmimmc;dump_wmimmc;\??\C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys
S3 spydetector;spydetector;\??\C:\Program Files\Spyware Process Detector\spydetector.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44dba336-afc9-11db-b938-0090d0a67f28}]
AutoRun\command- Don't_Tell_The_Professionals!_-_CD1.exe


Contents of the 'Scheduled Tasks' folder
2007-08-12 17:24:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-05-17 14:45:05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1168357262.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
2007-04-27 2314 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 18:53:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 18:55:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 18:55

--- E O F ---
__________________
Currently Playing:
CS: Source; CM 2008; GuildWars: Prophecies and Nightfall; AOE II (rave); FlyFF
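The first thing a responder does with a log like the one above is pull out the non-default loading points before asking for anything else, and ComboFix makes that easier than it looks because, as its own note says, empty and legitimate default entries are already suppressed. The script below is an added example (it is not part of the original post and is not ComboFix's own code). It walks the log once, tracking the section header and the current registry key, and lists generic persistence indicators: the ADS and files ComboFix removed, hidden+system files sitting in system32, Winlogon Notify packages (on Windows XP these DLLs load into winlogon.exe), auto-start (S2) services with an .exe image and any service binary placed directly in the Windows directory, restrictive Explorer/system policies such as DisallowRun, and AutoRun commands cached under MountPoints2. `SAMPLE_LOG` is a trimmed subset of lines copied from the log above with the header padding shortened; `triage`, the tag names and the `RESTRICTIVE_POLICIES` list are this example's own. Everything it flags is non-default by construction, which is not the same as malicious; it is a reading order, not a verdict.

```python
"""Triage a ComboFix log for non-default loading points.

Added example, not part of the original post and not ComboFix's own code.
SAMPLE_LOG is a trimmed subset of the log posted above; tags are this example's own.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (tag, detail)

# Constructed test input: lines copied from the posted log, header padding shortened.
SAMPLE_LOG = r"""
ADS removed - system32: deleted 55004 bytes in 1 streams.
((((( Other Deletions )))))
C:\WINDOWS\system32\FTPx.dll
((((( Find3M Report )))))
2007-07-09 17:09 80 -r-hs---- C:\WINDOWS\system32\57906271A7.dll
2007-06-30 18:33 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
((((( Reg Loading Points )))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:34]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S2 Install Driver Table Manager;Install Driver Manager;"C:\WINDOWS\wpablan.exe"
S2 MsaSvc;Microsoft authenticate service;C:\WINDOWS\System32\msasvc.exe
S3 dump_wmimmc;dump_wmimmc;\??\C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44dba336-afc9-11db-b938-0090d0a67f28}]
AutoRun\command- Don't_Tell_The_Professionals!_-_CD1.exe
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$")
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")  # file directly in the Windows dir

# Explorer/system policies that, when non-zero, block the user's own inspection tools.
RESTRICTIVE_POLICIES = {"DisallowRun", "DisableRegistryTools", "DisableTaskMgr", "NoFolderOptions"}


def _clean_image(image: str) -> str:
    image = image.strip().strip('"')  # services may be quoted; drivers carry the \??\ NT prefix
    return image[4:] if image.startswith("\\??\\") else image


def _nonzero(data: str) -> bool:
    """ComboFix prints DWORD policy data as '1 (0x1)'; treat non-integers as unset."""
    try:
        return int(data.split()[0], 0) != 0
    except ValueError:
        return False


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current section and registry key."""
    findings: List[Finding] = []
    section = key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group("name"), ""
            continue
        if line.startswith("ADS removed"):  # alternate data stream ComboFix wiped
            findings.append(("ads-removed", line))
        elif section == "Other Deletions":  # files ComboFix deleted outright
            findings.append(("deleted-by-combofix", line))
        elif (m := FILE_RE.match(line)):
            attrs, path = m.group("attrs"), m.group("path")
            # hidden + system attributes on a plain file (not a directory) under system32
            if {"h", "s"} <= set(attrs) and "d" not in attrs and "\\system32\\" in path.lower():
                findings.append(("hidden-system-file", path))
        elif (m := KEY_RE.match(line)):
            key = m.group("key")
            if "\\winlogon\\notify\\" in key.lower():  # DLL loaded into winlogon.exe on XP
                findings.append(("winlogon-notify-package", key.rsplit("\\", 1)[-1]))
        elif (m := SERVICE_RE.match(line)):
            image = _clean_image(m.group("image"))
            if m.group("start") == "S2" and image.lower().endswith(".exe"):  # auto-start user-mode service
                findings.append(("autostart-service", f"{m.group('name')} -> {image}"))
            if WINROOT_RE.match(image.lower()):
                findings.append(("binary-in-windows-root", image))
        elif (m := VALUE_RE.match(line)) and "\\policies\\" in key.lower():
            if m.group("name") in RESTRICTIVE_POLICIES and _nonzero(m.group("data")):
                findings.append(("restrictive-policy", f"{m.group('name')}={m.group('data')}"))
        elif "mountpoints2" in key.lower() and line.lower().startswith("autorun"):
            findings.append(("mountpoints2-autorun", line))  # cached AutoRun for a removable volume
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:24} {detail}")
```

Run it on a saved log with `triage(open(path, encoding="latin-1").read())`. On the sample it reports, in log order, the removed stream and FTPx.dll, the hidden+system 57906271A7.dll, DisallowRun=1, the mszsrn32 notify package, both S2 .exe services (wpablan.exe additionally because it lives in C:\WINDOWS itself), and the MountPoints2 AutoRun command; DisableRegistryTools=0, the R3/S3 drivers and the ordinary Run entry are left alone. The service and policy checks work precisely because ComboFix strips default entries: against a full autoruns dump the same rules would need an allow-list of known Microsoft services and notify packages.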