Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
How do i remove Win32/Rustock.gen!C How do i remove Win32/Rustock.gen!C
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
Thread Tools
Old 04-02-2007, 08:44 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 3
OS: XP


How do i remove Win32/Rustock.gen!C
Hi ya,

after getting the Win32/Rustock.gen!C virus on my computer.
The computer automatically shuts itself down about every 15 minutes, it's very annoying

Anyway, i've ran numerous scans to try and remove it, but no luck i'm afraid.

Would you know how to get rid of this virus???


Thanks an absolute million!
robburke1980 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-02-2007, 09:21 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,482
OS: 2000 Pro; XP Pro; XP Home


Re: How do i remove Win32/Rustock.gen!C
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.

Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-02-2007, 09:38 AM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 3
OS: XP


Re: How do i remove Win32/Rustock.gen!C
Main.txt

Deckard's System Scanner v20070328.36
Run by User 1 on 2007-04-02 at 17:34:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as User 1.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 17:34:59, on 02/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\system32\uvcx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User 1\Local Settings\Temporary Internet Files\Content.IE5\G5MNG1ER\dss[1].exe
C:\PROGRA~1\HIJACK~1\User 1.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - C:\WINDOWS\system32\lafA1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://planenquiry.corkcity.ie/MapCo...d/mgaxctrl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


-- Files created between 2007-03-02 and 2007-04-02 -----------------------------

2007-04-02 15:55:18 0 d-------- C:\Program Files\RegCure
2007-04-02 15:27:29 0 d-------- C:\Program Files\Windows Live Safety Center<WIE5D0~1>
2007-04-01 13:49:28 139776 --a------ C:\WINDOWS\system32\Knt12.sys
2007-03-30 22:16:28 73098 --a------ C:\WINDOWS\system32\lzx32.sys
2007-03-30 22:16:13 46176 --a------ C:\WINDOWS\system32\ipv6monr.dll
2007-03-30 22:16:12 84992 --a------ C:\WINDOWS\csm.exe
2007-03-30 10:14:26 0 --a------ C:\WINDOWS\system32\692D963F.exe
2007-03-30 10:14:26 72 --a------ C:\WINDOWS\system32\26106
2007-03-30 10:13:24 42552 --a------ C:\WINDOWS\system32\msvcrl.dll
2007-03-30 10:13:24 80384 --a------ C:\WINDOWS\installer.exe<INSTAL~1.EXE>
2007-03-30 10:12:57 17408 --a------ C:\WINDOWS\system32\uvcx.exe
2007-03-19 12:08:46 0 d-------- C:\WINDOWS\Sun
2007-03-19 12:08:45 0 d-------- C:\Documents and Settings\User 1\Application Data\Sun
2007-03-16 23:49:32 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-03-16 23:49:24 0 d-------- C:\fca842a91495bf939d1e795ac4<FCA842~1>
2007-03-16 19:24:26 0 d-------- C:\Documents and Settings\User 1\Application Data\HP
2007-03-16 19:23:46 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-03-16 19:17:56 0 d-------- C:\Program Files\Common Files\HP
2007-03-16 19:13:36 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-03-16 19:12:50 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-03-16 19:08:11 16496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-03-16 19:08:10 49664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-03-16 1956 77824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-03-16 1953 48128 --a------ C:\WINDOWS\system32\hpzll054.dll
2007-03-16 19:00:26 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-03-16 19:00:26 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-03-16 19:00:26 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-03-16 19:00:26 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-03-16 19:00:25 65536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-03-16 19:00:25 282680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-03-16 18:53:55 0 d-------- C:\Program Files\HP
2007-03-16 18:52:50 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-16 18:52:39 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-03-16 18:49:12 121141 --a------ C:\WINDOWS\hpoins11.dat
2007-03-16 18:11:00 0 d-------- C:\Documents and Settings\User 1\Application Data\Google
2007-03-16 18:07:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-03-16 1851 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater<GOOGLE~1>
2007-03-16 1848 0 d-------- C:\Program Files\Google
2007-03-11 18:37:38 0 d-------- C:\Documents and Settings\User 1\Shared
2007-03-11 18:37:36 0 d-------- C:\Documents and Settings\User 1\Incomplete<INCOMP~1>
2007-03-11 18:33:16 0 d-------- C:\Program Files\Java
2007-03-11 18:32:01 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 18:31:54 0 d-------- C:\Program Files\LimeWire
2007-03-11 18:09:55 0 d-------- C:\Documents and Settings\User 1\.limewire<LIMEWI~1>


-- Find3M Report ---------------------------------------------------------------

2007-04-02 14:32:21 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
2007-03-31 17:01:47 0 d-------- C:\Program Files\XoftSpy
2007-03-16 18:07:09 159707 --a------ C:\WINDOWS\Google Pack Screensaver Uninstaller.exe<GOOGLE~1.EXE>
2007-03-16 10:23:32 0 d-------- C:\Documents and Settings\User 1\Application Data\U3
2007-03-10 13:31:53 0 d-------- C:\Program Files\MalwaresWipeds<MALWAR~1>
2007-03-07 11:05:42 0 d---s---- C:\Documents and Settings\User 1\Application Data\Microsoft<MICROS~1>
2007-02-27 20:54:58 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-27 20:52:24 0 d-------- C:\Program Files\Windows Media Connect<WI88B7~1>
2007-02-26 21:50:23 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-25 10:56:31 0 d-------- C:\Program Files\The Wonga Wizard<THEWON~1>
2007-02-24 21:11:17 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-02-24 21:11:08 0 d-------- C:\Program Files\Microsoft AntiSpyware<MIAF83~1>
2007-02-24 17:44:42 49152 --a------ C:\WINDOWS\system32\lafA1.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PowerBar"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"uvnx"="c:\\windows\\system32\\uvcx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8329660f-e248-4872-98cc-fb9c4fec7ba8}"="didynamia"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-04-02 at 17:35:22 ---------
Attached Files
File Type: txt extra.txt (10.5 KB, 1 views)
robburke1980 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-02-2007, 09:47 AM   #4 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 3
OS: XP


Re: How do i remove Win32/Rustock.gen!C
Deckard's System Scanner v20070328.36
Run by User 1 on 2007-04-02 at 17:34:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as User 1.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 17:34:59, on 02/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\system32\uvcx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User 1\Local Settings\Temporary Internet Files\Content.IE5\G5MNG1ER\dss[1].exe
C:\PROGRA~1\HIJACK~1\User 1.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - C:\WINDOWS\system32\lafA1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://planenquiry.corkcity.ie/MapCo...d/mgaxctrl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


-- Files created between 2007-03-02 and 2007-04-02 -----------------------------

2007-04-02 15:55:18 0 d-------- C:\Program Files\RegCure
2007-04-02 15:27:29 0 d-------- C:\Program Files\Windows Live Safety Center<WIE5D0~1>
2007-04-01 13:49:28 139776 --a------ C:\WINDOWS\system32\Knt12.sys
2007-03-30 22:16:28 73098 --a------ C:\WINDOWS\system32\lzx32.sys
2007-03-30 22:16:13 46176 --a------ C:\WINDOWS\system32\ipv6monr.dll
2007-03-30 22:16:12 84992 --a------ C:\WINDOWS\csm.exe
2007-03-30 10:14:26 0 --a------ C:\WINDOWS\system32\692D963F.exe
2007-03-30 10:14:26 72 --a------ C:\WINDOWS\system32\26106
2007-03-30 10:13:24 42552 --a------ C:\WINDOWS\system32\msvcrl.dll
2007-03-30 10:13:24 80384 --a------ C:\WINDOWS\installer.exe<INSTAL~1.EXE>
2007-03-30 10:12:57 17408 --a------ C:\WINDOWS\system32\uvcx.exe
2007-03-19 12:08:46 0 d-------- C:\WINDOWS\Sun
2007-03-19 12:08:45 0 d-------- C:\Documents and Settings\User 1\Application Data\Sun
2007-03-16 23:49:32 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-03-16 23:49:24 0 d-------- C:\fca842a91495bf939d1e795ac4<FCA842~1>
2007-03-16 19:24:26 0 d-------- C:\Documents and Settings\User 1\Application Data\HP
2007-03-16 19:23:46 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-03-16 19:17:56 0 d-------- C:\Program Files\Common Files\HP
2007-03-16 19:13:36 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-03-16 19:12:50 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-03-16 19:08:11 16496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-03-16 19:08:10 49664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-03-16 1956 77824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-03-16 1953 48128 --a------ C:\WINDOWS\system32\hpzll054.dll
2007-03-16 19:00:26 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-03-16 19:00:26 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-03-16 19:00:26 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-03-16 19:00:26 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-03-16 19:00:25 65536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-03-16 19:00:25 282680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-03-16 18:53:55 0 d-------- C:\Program Files\HP
2007-03-16 18:52:50 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-16 18:52:39 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-03-16 18:49:12 121141 --a------ C:\WINDOWS\hpoins11.dat
2007-03-16 18:11:00 0 d-------- C:\Documents and Settings\User 1\Application Data\Google
2007-03-16 18:07:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-03-16 1851 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater<GOOGLE~1>
2007-03-16 1848 0 d-------- C:\Program Files\Google
2007-03-11 18:37:38 0 d-------- C:\Documents and Settings\User 1\Shared
2007-03-11 18:37:36 0 d-------- C:\Documents and Settings\User 1\Incomplete<INCOMP~1>
2007-03-11 18:33:16 0 d-------- C:\Program Files\Java
2007-03-11 18:32:01 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 18:31:54 0 d-------- C:\Program Files\LimeWire
2007-03-11 18:09:55 0 d-------- C:\Documents and Settings\User 1\.limewire<LIMEWI~1>


-- Find3M Report ---------------------------------------------------------------

2007-04-02 14:32:21 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
2007-03-31 17:01:47 0 d-------- C:\Program Files\XoftSpy
2007-03-16 18:07:09 159707 --a------ C:\WINDOWS\Google Pack Screensaver Uninstaller.exe<GOOGLE~1.EXE>
2007-03-16 10:23:32 0 d-------- C:\Documents and Settings\User 1\Application Data\U3
2007-03-10 13:31:53 0 d-------- C:\Program Files\MalwaresWipeds<MALWAR~1>
2007-03-07 11:05:42 0 d---s---- C:\Documents and Settings\User 1\Application Data\Microsoft<MICROS~1>
2007-02-27 20:54:58 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-27 20:52:24 0 d-------- C:\Program Files\Windows Media Connect<WI88B7~1>
2007-02-26 21:50:23 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-25 10:56:31 0 d-------- C:\Program Files\The Wonga Wizard<THEWON~1>
2007-02-24 21:11:17 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-02-24 21:11:08 0 d-------- C:\Program Files\Microsoft AntiSpyware<MIAF83~1>
2007-02-24 17:44:42 49152 --a------ C:\WINDOWS\system32\lafA1.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PowerBar"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"uvnx"="c:\\windows\\system32\\uvcx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8329660f-e248-4872-98cc-fb9c4fec7ba8}"="didynamia"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-04-02 at 17:35:22 ---------
robburke1980 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-02-2007, 10:22 AM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,482
OS: 2000 Pro; XP Pro; XP Home


Re: How do i remove Win32/Rustock.gen!C
One or more of the identified infections is an info stealer.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

Download combofix.exe to your desktop.


* IMPORTANT !!! Place it on your Desktop.


Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\combofix.exe" /v lafA1 ipv6monr
When finished, it shall produce a log for you. Post that log in your next reply along with a new HijackThis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Also, please do this:

Please go to: VirusTotal
  • At the top of the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\WINDOWS\system32\Knt12.sys

  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Then repeat as above for the following files in BOLD:

    C:\WINDOWS\system32\692D963F.exe
    C:\WINDOWS\system32\26106
    C:\WINDOWS\system32\msvcrl.dll
  • Once scanned, copy and paste the results in your next reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.

Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
Last edited by tetonbob : 04-02-2007 at 10:24 AM.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 04-02-2007, 10:35 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,482
OS: 2000 Pro; XP Pro; XP Home


Re: How do i remove Win32/Rustock.gen!C
Quote:
AV: Norton AntiVirus v2004 (Symantec Corporation) Outdated
Additionally, it appears as though your Norton subscription is outdated. If this is the case, you're not as well protected against threats as you should be.

Is the subscription expired? I'd be glad to give you links to excellent freeware AV programs.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.

Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 05:11 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2008, Tech Support Forum

Search Engine Friendly URLs by vBSEO

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82