08-12-2007, 09:01 AM   #1
Mortson
Registered User
Join Date: Aug 2007
Posts: 44
OS: XP Home

Win32/Rustock.gen!C help needed please!!!

Hi guys,

I have the Win32/Rustock.gen!C virus on my computer and I can't get rid of it. Can somebody help me please?

Thanks.
08-12-2007, 09:02 AM   #2
Mortson
Registered User
Join Date: Aug 2007
Posts: 44
OS: XP Home

Re: Win32/Rustock.gen!C help needed please!!!

My HijackThis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 16:57:32, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjk\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xi4dc] c:\program files\habbo\activex\please goto system32\files\ocx\dll\data\csrss.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xi4dc] c:\program files\habbo\activex\please goto system32\files\ocx\dll\data\csrss.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8eb85512b2344245b17926c4bbee6551
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8eb85512b2344245b17926c4bbee6551
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joshua\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Homepage - {25D93640-EFB4-4335-B0C9-8189D26504CA} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {7EA563BC-0C67-4487-AB4D-6FF2E1EBE9F8} - http://www.bt.com (file missing) (HKCU)
O16 - DPF: Yahoo! Blackjack - http://download2.games.yahoo.com/gam...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/gam...ts/y/ct5_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/gam...ts/y/ht1_x.cab
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/gam...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/gam...s/y/poti_x.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1168724651500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168805068015
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/...y4LotTeleX.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport...ScapeTeleX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
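As an added example that is not part of this thread or of the HijackThis tool, the Python script below parses the O2, O4, O20 and O23 entry types of a HijackThis 1.99 log in the format just posted and flags the entries an analyst would look at first: a core system binary name launched from outside system32, an unquoted image path containing spaces, a Winlogon Notify entry that points at a bare directory, and a service with no owner whose binary is missing. The heuristics and the constructed sample (lines copied from the log above) are assumptions made for illustration, not signatures for any particular threat.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not from the forum
or the HijackThis project). Parses O2/O4/O20/O23 entries and applies
defender-side heuristics, each an assumption about what a legitimate entry
looks like rather than a signature for a specific threat."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Executables that, on XP, legitimately live only in %SystemRoot%\system32.
SYSTEM_ONLY = {"csrss.exe", "smss.exe", "winlogon.exe", "services.exe",
               "lsass.exe", "svchost.exe"}
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

@dataclass
class Entry:
    section: str                       # "O2", "O4", "O20" or "O23"
    raw: str                           # the log line as posted
    path: str = ""                     # image path extracted from the line
    reasons: List[str] = field(default_factory=list)

def exe_from_command(cmd: str) -> Tuple[str, bool]:
    """Return (image path, was_quoted) for the command part of an O4 entry."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    # Unquoted: take everything up to the first executable-looking extension.
    m = re.match(r"(.+?\.(?:exe|dll|cpl|scr|com|bat))\b", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split(" ")[0]), False

def assess_o2(e: Entry, m) -> None:
    e.path = m["path"].strip()
    if e.path == "(no file)":
        e.reasons.append("BHO registration without a backing file")

def assess_o4(e: Entry, m) -> None:
    e.path, quoted = exe_from_command(m["cmd"])
    name = ntpath.basename(e.path).lower()
    d = ntpath.normcase(ntpath.dirname(e.path))   # lower-case, backslash form
    # A core system binary name started from anywhere but system32 is a red flag.
    if name in SYSTEM_ONLY and d and not d.endswith("\\windows\\system32"):
        e.reasons.append(f"{name} launched from outside system32")
    if not quoted and " " in e.path:
        e.reasons.append("unquoted image path containing spaces")

def assess_o20(e: Entry, m) -> None:
    e.path = m["path"].strip()
    # A Notify package must name a DLL; a bare directory hides the real module.
    if e.path.endswith("\\") or not ntpath.splitext(e.path)[1]:
        e.reasons.append("Winlogon Notify target is a directory, not a DLL")

def assess_o23(e: Entry, m) -> None:
    missing = "(file missing)" in m["path"]
    e.path = m["path"].replace("(file missing)", "").strip().strip('"')
    if m["owner"].strip() == "Unknown owner" and missing:
        e.reasons.append("service with no owner and a missing binary")
    if ntpath.basename(ntpath.normcase(ntpath.dirname(e.path))) == "windows":
        e.reasons.append("service binary placed directly in %SystemRoot%")

PARSERS = (("O2", O2_RE, assess_o2), ("O4", O4_RE, assess_o4),
           ("O20", O20_RE, assess_o20), ("O23", O23_RE, assess_o23))

def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    for section, rx, assess in PARSERS:
        m = rx.match(line)
        if m:
            e = Entry(section, line)
            assess(e, m)
            return e
    return None  # other sections (R0, O8, O16, ...) are not handled here

def triage(log_text: str) -> List[Entry]:
    """Return only the entries that tripped at least one heuristic."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.reasons]

# Constructed sample: lines copied verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [xi4dc] c:\program files\habbo\activex\please goto system32\files\ocx\dll\data\csrss.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.section}] {e.raw}")
        for reason in e.reasons:
            print(f"    -> {reason}")
```

Run on the sample it reports five entries; the legitimate AVG, ZoneAlarm, WgaLogon and vsmon lines pass every heuristic.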
08-12-2007, 10:27 AM   #3
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home

Re: Win32/Rustock.gen!C help needed please!!!

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download combofix.exe to your desktop.
  2. Disconnect from the internet....pull the plug!
  3. Disable your Anti-Virus's real-time protection. Exit the program via the SystemTray icon.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  6. Re-enable your Anti-Virus if it is not active...a reboot should have re-activated it.
  7. Re-establish an internet connection.
  8. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
  9. Create an uninstall list:

    With HiJackThis still open
    • Click on the configure button on the bottom right
    • Click on the tab "Misc Tools"
    • Click on the Box that says "Open Uninstall Manager"
    • Click on the button "Save list"
    • Copy and paste the list from the notepad file into your post

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
08-12-2007, 10:59 AM   #4
Mortson
Registered User
Join Date: Aug 2007
Posts: 44
OS: XP Home

Re: Win32/Rustock.gen!C help needed please!!!

ComboFix log below:


ComboFix 07-08-12.5 - "Joshua" 2007-08-12 18:50:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.227 [GMT 1:00]

ADS removed - system32: deleted 55004 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\FTPx.dll


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 18:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 08:20 <DIR> d-------- C:\Program Files\Arcane Light Messenger Tools 4.1
2007-08-09 08:19 <DIR> d-------- C:\Program Files\Download Manager
2007-08-08 12:17 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(6).sys
2007-08-08 09:10 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(7).sys
2007-08-08 07:55 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(8).sys
2007-08-07 08:59 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(9).sys
2007-08-04 18:18 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(10).sys
2007-08-04 13:53 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(11).sys
2007-08-04 10:51 5,505,024 --a------ C:\DOCUME~1\Joshua\ntuser.dat
2007-08-01 07:13 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2007-07-28 18:57 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-28 16:28 <DIR> d-------- C:\Program Files\NCH Software
2007-07-28 16:16 <DIR> d-------- C:\Program Files\YouTube Video Downloader
2007-07-19 21:44 <DIR> d-------- C:\Program Files\Chronograph
2007-07-16 19:04 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-16 19:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-16 19:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-12 07:24 <DIR> d-------- C:\Program Files\AnalogX
2007-07-12 07:19 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2007-07-12 07:19 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2007-07-12 07:19 <DIR> d-------- C:\Program Files\Acoustica DJ Twist And Burn
2007-07-12 07:19 <DIR> d-------- C:\DOCUME~1\Joshua\APPLIC~1\Acoustica
2007-07-12 07:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 18:54 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\OpenOffice.org2
2007-08-12 17:00 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-08-10 21:57 --------- d-------- C:\Program Files\CRB
2007-08-09 18:00 --------- d-------- C:\Program Files\NCH Swift Sound
2007-08-09 10:08 --------- d-------- C:\Program Files\GameSpy Arcade
2007-08-09 08:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 08:13 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\IGN_DLM
2007-08-08 13:03 --------- d-------- C:\Program Files\eMule
2007-08-01 17:06 --------- d-------- C:\Program Files\FST Calculator
2007-07-28 19:15 --------- d-------- C:\Program Files\Gpotato
2007-07-22 22:04 --------- d-------- C:\Program Files\Google
2007-07-09 17:52 --------- d-------- C:\Program Files\Winamp
2007-07-09 17:09 80 -r-hs---- C:\WINDOWS\system32\57906271A7.dll
2007-07-09 17:09 --------- d-------- C:\Program Files\Amond Software
2007-07-08 09:34 --------- d-------- C:\Program Files\Activision
2007-07-05 17:50 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\Reno 911 Paintball
2007-06-30 18:33 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-29 19:37 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\NCH Swift Sound
2007-06-26 17:26 --------- d-------- C:\Program Files\TalkTalk
2007-06-26 17:26 --------- d-------- C:\Program Files\SupportSoft
2007-06-26 17:26 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-26 16:39 --------- d-------- C:\Program Files\Common Files\AVSMedia
2007-06-25 19:58 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\MSN6
2007-06-24 17:51 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\Hewlett-Packard
2007-06-24 09:26 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(3).sys
2007-06-21 16:27 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(4).sys
2007-06-20 17:21 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(5).sys
2007-06-19 17:04 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(2).sys
2007-06-13 21:24 --------- d-------- C:\Program Files\Canon
2007-06-11 22:15 203264 --a------ C:\WINDOWS\system32\MCW32.DLL
2007-06-07 22:17 876032 --a------ C:\WINDOWS\system32\VFP6RENU.DLL
2007-06-07 22:17 69632 --a------ C:\WINDOWS\system32\DZSTACTX.DLL
2007-06-07 22:17 6656 --a------ C:\WINDOWS\system32\FOXHHELPPS.DLL
2007-06-07 22:17 61440 --a------ C:\WINDOWS\system32\WWIPSTUF.DLL
2007-06-07 22:17 3373328 --a------ C:\WINDOWS\system32\VFP6R.DLL
2007-06-07 22:17 26112 --a------ C:\WINDOWS\system32\FOXHHELP.EXE
2007-06-07 22:17 24990 --a------ C:\WINDOWS\system32\VFP6RUN.EXE
2007-06-07 22:17 249856 --a------ C:\WINDOWS\system32\DZACTX.DLL
2007-06-07 22:17 229376 --a------ C:\WINDOWS\system32\DUZACTX.DLL
2007-06-07 22:17 120056 --a------ C:\WINDOWS\system32\PINGX.DLL
2007-06-07 22:17 118784 --a------ C:\WINDOWS\system32\RASX.DLL
2007-05-16 16:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:34]
"nForce Tray Options"="sstray.exe" [2002-12-05 13:23 C:\WINDOWS\system32\sstray.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-25 01:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2005-08-16 00:12]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-08 19:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57]
"Chronograph"="C:\Program Files\Chronograph\chrono.exe" [2007-04-24 22:38]

C:\Documents and Settings\Joshua\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 17:45:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-02-10 15:11:08]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 0258]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32]

R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S2 Install Driver Table Manager;Install Driver Manager;"C:\WINDOWS\wpablan.exe"
S2 MsaSvc;Microsoft authenticate service;C:\WINDOWS\System32\msasvc.exe
S3 dump_wmimmc;dump_wmimmc;\??\C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys
S3 spydetector;spydetector;\??\C:\Program Files\Spyware Process Detector\spydetector.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44dba336-afc9-11db-b938-0090d0a67f28}]
AutoRun\command- Don't_Tell_The_Professionals!_-_CD1.exe


Contents of the 'Scheduled Tasks' folder
2007-08-12 17:24:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-05-17 14:45:05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1168357262.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
2007-04-27 2314 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 18:53:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 18:55:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 18:55

--- E O F ---
08-12-2007, 10:59 AM   #5
Mortson
Registered User
Join Date: Aug 2007
Posts: 44
OS: XP Home

Re: Win32/Rustock.gen!C help needed please!!!

HijackThis log below:

Logfile of HijackThis v1.99.1
Scan saved at 18:59:31, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hjk\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8eb85512b2344245b17926c4bbee6551
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8eb85512b2344245b17926c4bbee6551
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joshua\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Homepage - {25D93640-EFB4-4335-B0C9-8189D26504CA} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {7EA563BC-0C67-4487-AB4D-6FF2E1EBE9F8} - http://www.bt.com (file missing) (HKCU)
O16 - DPF: Yahoo! Blackjack - http://download2.games.yahoo.com/gam...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/gam...ts/y/ct5_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/gam...ts/y/ht1_x.cab
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/gam...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/gam...s/y/poti_x.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1168724651500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168805068015
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/...y4LotTeleX.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport...ScapeTeleX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Mortson is offline  
Old 08-12-2007, 11:01 AM   #6 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 44
OS: XP Home


Send a message via MSN to Mortson
Re: Win32/Rustock.gen!C help needed please!!!

Uninstall list below:

Acoustica Effects Pack
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
Amond 3GP Video Converter V1.2.4
AoA Audio Extractor 1.0
Arcane Light Messenger Tools 4.1
ATI Display Driver
AVG Anti-Spyware 7.5
AVG Free Edition
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Chronograph 6.20
CRB PowerSystem
CRB PowerSystem software for TESS
DJ Twist & Burn
Download Manager 2.3.6
eMule
eSignal
FST Calculator
GameShadow
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1100 series
hp psc 1100 series
Investor Ease for Windows
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Map Button (Windows Live Toolbar)
Messenger Plus! Live
MetaTrader 4.00
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Publisher 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
NetHelp
NVIDIA nForce Utilities
NVIDIA Windows 2000/XP nForce Drivers
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org 2.1
Popup Blocker (Windows Live Toolbar)
Prism
QuickTime
RealPlayer
Rome - Total War(TM)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
SigmaTel MSCN Audio Player
Smart Menus (Windows Live Toolbar)
SpeedTouch USB Software
Spybot - Search & Destroy 1.4
Tabbed Browsing (Windows Live Toolbar)
TalkTalk Assist & Go
TOSHIBA Bluetooth Stack for Windows by CSR and Apache
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
WavePad Uninstall
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
YouTube Video Downloader V2.0
ZoneAlarm
Mortson is offline  
Old 08-12-2007, 11:16 AM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Win32/Rustock.gen!C help needed please!!!

What was alerting you to Rustock, and is it still?

---------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) SE Runtime Environment 6 Update 1


These are all outdated, and they are security risks by still being installed. Unfortunately, Java does not uninstall previous versions when you update, nor does it tell you that you should.

Leave Java(TM) 6 Update 2 alone, as it is the most recent.

---------------------------------------------------------------------------------------------


Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/173879-win32-rustock-gen-c-help-needed-please.html

Suspect::[28]
c:\program files\habbo\activex\please goto system32\files\ocx\dll\data\csrss.exe

File::
C:\WINDOWS\System32\msasvc.exe


Driver::
MsaSvc


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32]



Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------


Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.

Last edited by tetonbob; 08-12-2007 at 11:22 AM.
tetonbob is offline  
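As an added example (my own code, not from the thread, HijackThis or ComboFix), here is a small triage pass over the O20 and O23 lines of a HijackThis log, with the sample input built from the entries tetonbob's script targets above plus legitimate lines from the same logs for contrast. The heuristics and the severity labels are my own assumptions, not rules from any tool.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs posted in this thread
# (the O20 mszsrn32 line and the MsaSvc service appear in the first scan only),
# plus legitimate entries from the same logs for contrast.
SAMPLE_LOG = """\
O20 - Winlogon Notify: mszsrn32 - C:\\WINDOWS\\
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\\WINDOWS\\System32\\msasvc.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\\Program Files\\iPod\\bin\\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgupsvc.exe
"""

# HijackThis line shapes for the two sections the fix script in this thread targets.
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
MISSING_MARK = "(file missing)"  # HijackThis's own suffix, as seen in the logs above

# Severity per heuristic (assumed scoring of mine, not anything HijackThis emits).
SEVERITY = {
    "winlogon-notify-without-dll": "high",
    "microsoft-named-service-unknown-owner": "high",
    "service-binary-missing": "review",
}


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list

    @property
    def severity(self) -> str:
        return "high" if any(SEVERITY[r] == "high" for r in self.reasons) else "review"


def triage_line(line: str):
    """Return a Finding for a suspicious O20/O23 line, or None for anything else."""
    line = line.rstrip()
    m = O20_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path").strip()
        reasons = []
        # A Winlogon Notify handler must name a DLL; a bare directory (as with
        # mszsrn32 above) means the registered package has no visible file.
        if path.endswith("\\") or not path.lower().endswith(".dll"):
            reasons.append("winlogon-notify-without-dll")
        return Finding("O20", name, path, reasons) if reasons else None

    m = O23_RE.match(line)
    if m:
        name, owner, path = m.group("name"), m.group("owner"), m.group("path").strip()
        reasons = []
        if path.endswith(MISSING_MARK):
            # Orphaned service entry: may be an uninstall leftover, or a binary a
            # cleanup already removed. Worth a look, not proof of malware on its own.
            path = path[: -len(MISSING_MARK)].strip()
            reasons.append("service-binary-missing")
        if owner == "Unknown owner" and "microsoft" in name.lower():
            # Microsoft's own services carry a vendor string; a Microsoft-sounding
            # display name with no owner is a classic disguise (see MsaSvc above).
            reasons.append("microsoft-named-service-unknown-owner")
        return Finding("O23", name, path, reasons) if reasons else None
    return None


def triage_log(text: str) -> list:
    """Run triage_line over a whole HijackThis log and keep only the findings."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section} {f.name!r} -> {f.path}  ({', '.join(f.reasons)})")
```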
Old 08-12-2007, 11:41 AM   #8 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 44
OS: XP Home


Send a message via MSN to Mortson
Re: Win32/Rustock.gen!C help needed please!!!

Quote:
Originally Posted by tetonbob
What was alerting you to Rustock, and is it still?

Windows Live OneCare alerted me.

Thanks for your help so far. I'm just doing what you requested now.
Mortson is offline  
Old 08-12-2007, 11:55 AM   #9 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 44
OS: XP Home


Send a message via MSN to Mortson
Re: Win32/Rustock.gen!C help needed please!!!

I sent you the file you requested.

Latest HijackThis scan below:



Logfile of HijackThis v1.99.1
Scan saved at 19:55:29, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hjk\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8eb85512b2344245b17926c4bbee6551
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8eb85512b2344245b17926c4bbee6551
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joshua\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Homepage - {25D93640-EFB4-4335-B0C9-8189D26504CA} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {7EA563BC-0C67-4487-AB4D-6FF2E1EBE9F8} - http://www.bt.com (file missing) (HKCU)
O16 - DPF: Yahoo! Blackjack - http://download2.games.yahoo.com/gam...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/gam...ts/y/ct5_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/gam...ts/y/ht1_x.cab
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/gam...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/gam...s/y/poti_x.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1168724651500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168805068015
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/...y4LotTeleX.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport...ScapeTeleX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Mortson is offline  
Old 08-12-2007, 01:06 PM   #10 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 44
OS: XP Home


Send a message via MSN to Mortson
Re: Win32/Rustock.gen!C help needed please!!!

Will pick this up tomorrow.

Thanks for the help so far.
__________________
Currently Playing:
CS: Source; CM 2008; GuildWars: Prophecies and Nightfall; AOE II (rave); FlyFF
Mortson is offline  
Old 08-12-2007, 03:10 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Win32/Rustock.gen!C help needed please!!!

Hello -

You should also post the most recent ComboFix log. It's located at C:\ComboFix.txt

Is Windows Live OneCare still alerting you to Rustock? I would think not... but I'd like for you to tell me.
tetonbob is offline  
Old 08-13-2007, 12:13 AM   #12 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 44
OS: XP Home


Send a message via MSN to Mortson
Re: Win32/Rustock.gen!C help needed please!!!

OneCare only alerts me when the computer crashes and the computer hasn't crashed since before I started the thread.

I sent you a file like you said, but in your previous post you said you wanted the last ComboFix log, so here it is.


ComboFix 07-08-12.5 - "Joshua" 2007-08-12 18:50:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.227 [GMT 1:00]

ADS removed - system32: deleted 55004 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\FTPx.dll


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 18:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 08:20 <DIR> d-------- C:\Program Files\Arcane Light Messenger Tools 4.1
2007-08-09 08:19 <DIR> d-------- C:\Program Files\Download Manager
2007-08-08 12:17 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(6).sys
2007-08-08 09:10 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(7).sys
2007-08-08 07:55 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(8).sys
2007-08-07 08:59 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(9).sys
2007-08-04 18:18 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(10).sys
2007-08-04 13:53 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(11).sys
2007-08-04 10:51 5,505,024 --a------ C:\DOCUME~1\Joshua\ntuser.dat
2007-08-01 07:13 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2007-07-28 18:57 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-28 16:28 <DIR> d-------- C:\Program Files\NCH Software
2007-07-28 16:16 <DIR> d-------- C:\Program Files\YouTube Video Downloader
2007-07-19 21:44 <DIR> d-------- C:\Program Files\Chronograph
2007-07-16 19:04 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-16 19:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-16 19:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-12 07:24 <DIR> d-------- C:\Program Files\AnalogX
2007-07-12 07:19 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2007-07-12 07:19 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2007-07-12 07:19 <DIR> d-------- C:\Program Files\Acoustica DJ Twist And Burn
2007-07-12 07:19 <DIR> d-------- C:\DOCUME~1\Joshua\APPLIC~1\Acoustica
2007-07-12 07:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 18:54 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\OpenOffice.org2
2007-08-12 17:00 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-08-10 21:57 --------- d-------- C:\Program Files\CRB
2007-08-09 18:00 --------- d-------- C:\Program Files\NCH Swift Sound
2007-08-09 10:08 --------- d-------- C:\Program Files\GameSpy Arcade
2007-08-09 08:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 08:13 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\IGN_DLM
2007-08-08 13:03 --------- d-------- C:\Program Files\eMule
2007-08-01 17:06 --------- d-------- C:\Program Files\FST Calculator
2007-07-28 19:15 --------- d-------- C:\Program Files\Gpotato
2007-07-22 22:04 --------- d-------- C:\Program Files\Google
2007-07-09 17:52 --------- d-------- C:\Program Files\Winamp
2007-07-09 17:09 80 -r-hs---- C:\WINDOWS\system32\57906271A7.dll
2007-07-09 17:09 --------- d-------- C:\Program Files\Amond Software
2007-07-08 09:34 --------- d-------- C:\Program Files\Activision
2007-07-05 17:50 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\Reno 911 Paintball
2007-06-30 18:33 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-29 19:37 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\NCH Swift Sound
2007-06-26 17:26 --------- d-------- C:\Program Files\TalkTalk
2007-06-26 17:26 --------- d-------- C:\Program Files\SupportSoft
2007-06-26 17:26 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-26 16:39 --------- d-------- C:\Program Files\Common Files\AVSMedia
2007-06-25 19:58 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\MSN6
2007-06-24 17:51 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\Hewlett-Packard
2007-06-24 09:26 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(3).sys
2007-06-21 16:27 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(4).sys
2007-06-20 17:21 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(5).sys
2007-06-19 17:04 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(2).sys
2007-06-13 21:24 --------- d-------- C:\Program Files\Canon
2007-06-11 22:15 203264 --a------ C:\WINDOWS\system32\MCW32.DLL
2007-06-07 22:17 876032 --a------ C:\WINDOWS\system32\VFP6RENU.DLL
2007-06-07 22:17 69632 --a------ C:\WINDOWS\system32\DZSTACTX.DLL
2007-06-07 22:17 6656 --a------ C:\WINDOWS\system32\FOXHHELPPS.DLL
2007-06-07 22:17 61440 --a------ C:\WINDOWS\system32\WWIPSTUF.DLL
2007-06-07 22:17 3373328 --a------ C:\WINDOWS\system32\VFP6R.DLL
2007-06-07 22:17 26112 --a------ C:\WINDOWS\system32\FOXHHELP.EXE
2007-06-07 22:17 24990 --a------ C:\WINDOWS\system32\VFP6RUN.EXE
2007-06-07 22:17 249856 --a------ C:\WINDOWS\system32\DZACTX.DLL
2007-06-07 22:17 229376 --a------ C:\WINDOWS\system32\DUZACTX.DLL
2007-06-07 22:17 120056 --a------ C:\WINDOWS\system32\PINGX.DLL
2007-06-07 22:17 118784 --a------ C:\WINDOWS\system32\RASX.DLL
2007-05-16 16:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:34]
"nForce Tray Options"="sstray.exe" [2002-12-05 13:23 C:\WINDOWS\system32\sstray.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-25 01:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2005-08-16 00:12]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-08 19:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57]
"Chronograph"="C:\Program Files\Chronograph\chrono.exe" [2007-04-24 22:38]

C:\Documents and Settings\Joshua\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 17:45:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-02-10 15:11:08]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 0258]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32]

R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S2 Install Driver Table Manager;Install Driver Manager;"C:\WINDOWS\wpablan.exe"
S2 MsaSvc;Microsoft authenticate service;C:\WINDOWS\System32\msasvc.exe
S3 dump_wmimmc;dump_wmimmc;\??\C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys
S3 spydetector;spydetector;\??\C:\Program Files\Spyware Process Detector\spydetector.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44dba336-afc9-11db-b938-0090d0a67f28}]
AutoRun\command- Don't_Tell_The_Professionals!_-_CD1.exe


Contents of the 'Scheduled Tasks' folder
2007-08-12 17:24:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-05-17 14:45:05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1168357262.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
2007-04-27 2314 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 18:53:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 18:55:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 18:55

--- E O F ---
Old 08-13-2007, 08:11 AM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Win32/Rustock.gen!C help needed please!!!

Sorry, but I'm a bit perplexed.

If you ran the instructions in Post #7, which it appears you did, because I did receive the file submission, a different ComboFix log should have been produced. The one you just posted is the very same as the first one. Both have the same time stamp.

"Joshua" 2007-08-12 18:50:24.1

Did you happen to save the second log as something else?

You should have ComboFix.txt and ComboFix2.txt now. It is ComboFix.txt I'd like to see; this is just to confirm some things for me, but we can work without it if need be.

At any rate...if you can find it, I'd like to see it.

Let's do this now...


I see you have AVG Anti-Spyware already. Please update its definitions, and run a scan where I have placed it in this fix.

Run AVG Anti-Spyware
  • From the main screen, click on update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports", select "Do Not Automatically generate report after every scan".
  • Exit AVG Anti-Spyware. DO NOT scan yet.

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with its updated definitions (it's important that all windows be closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (Make sure to remember where you saved that file; this is important.)

Restart in normal mode.

---------------------------------------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Old 08-13-2007, 09:03 AM   #14 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 44
OS: XP Home


Re: Win32/Rustock.gen!C help needed please!!!

Ah sorry. I posted CF2.txt last time. Here is CF.txt.

ComboFix 07-08-12.5 - "Joshua" 2007-08-12 19:47:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.155 [GMT 1:00]
Command switches used :: C:\Documents and Settings\Joshua\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\System32\msasvc.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_MSASVC
-------\MsaSvc


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 18:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 08:20 <DIR> d-------- C:\Program Files\Arcane Light Messenger Tools 4.1
2007-08-09 08:19 <DIR> d-------- C:\Program Files\Download Manager
2007-08-08 12:17 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(6).sys
2007-08-08 09:10 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(7).sys
2007-08-08 07:55 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(8).sys
2007-08-07 08:59 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(9).sys
2007-08-04 18:18 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(10).sys
2007-08-04 13:53 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(11).sys
2007-08-04 10:51 5,505,024 --a------ C:\DOCUME~1\Joshua\ntuser.dat
2007-08-01 07:13 <DIR> d-------- C:\Program Files\AoA Audio Extractor
2007-07-28 18:57 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-28 16:28 <DIR> d-------- C:\Program Files\NCH Software
2007-07-28 16:16 <DIR> d-------- C:\Program Files\YouTube Video Downloader
2007-07-19 21:44 <DIR> d-------- C:\Program Files\Chronograph
2007-07-16 19:04 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-16 19:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-16 19:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-12 07:24 <DIR> d-------- C:\Program Files\AnalogX
2007-07-12 07:19 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2007-07-12 07:19 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2007-07-12 07:19 <DIR> d-------- C:\Program Files\Acoustica DJ Twist And Burn
2007-07-12 07:19 <DIR> d-------- C:\DOCUME~1\Joshua\APPLIC~1\Acoustica
2007-07-12 07:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 19:52 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\OpenOffice.org2
2007-08-12 17:00 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-08-10 21:57 --------- d-------- C:\Program Files\CRB
2007-08-09 18:00 --------- d-------- C:\Program Files\NCH Swift Sound
2007-08-09 10:08 --------- d-------- C:\Program Files\GameSpy Arcade
2007-08-09 08:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 08:13 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\IGN_DLM
2007-08-08 13:03 --------- d-------- C:\Program Files\eMule
2007-08-01 17:06 --------- d-------- C:\Program Files\FST Calculator
2007-07-28 19:15 --------- d-------- C:\Program Files\Gpotato
2007-07-22 22:04 --------- d-------- C:\Program Files\Google
2007-07-09 17:52 --------- d-------- C:\Program Files\Winamp
2007-07-09 17:09 80 -r-hs---- C:\WINDOWS\system32\57906271A7.dll
2007-07-09 17:09 --------- d-------- C:\Program Files\Amond Software
2007-07-08 09:34 --------- d-------- C:\Program Files\Activision
2007-07-05 17:50 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\Reno 911 Paintball
2007-06-30 18:33 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-29 19:37 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\NCH Swift Sound
2007-06-26 17:26 --------- d-------- C:\Program Files\TalkTalk
2007-06-26 17:26 --------- d-------- C:\Program Files\SupportSoft
2007-06-26 17:26 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-26 16:39 --------- d-------- C:\Program Files\Common Files\AVSMedia
2007-06-25 19:58 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\MSN6
2007-06-24 17:51 --------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\Hewlett-Packard
2007-06-24 09:26 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(3).sys
2007-06-21 16:27 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(4).sys
2007-06-20 17:21 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(5).sys
2007-06-19 17:04 0 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc(2).sys
2007-06-13 21:24 --------- d-------- C:\Program Files\Canon
2007-06-11 22:15 203264 --a------ C:\WINDOWS\system32\MCW32.DLL
2007-06-07 22:17 876032 --a------ C:\WINDOWS\system32\VFP6RENU.DLL
2007-06-07 22:17 69632 --a------ C:\WINDOWS\system32\DZSTACTX.DLL
2007-06-07 22:17 6656 --a------ C:\WINDOWS\system32\FOXHHELPPS.DLL
2007-06-07 22:17 61440 --a------ C:\WINDOWS\system32\WWIPSTUF.DLL
2007-06-07 22:17 3373328 --a------ C:\WINDOWS\system32\VFP6R.DLL
2007-06-07 22:17 26112 --a------ C:\WINDOWS\system32\FOXHHELP.EXE
2007-06-07 22:17 24990 --a------ C:\WINDOWS\system32\VFP6RUN.EXE
2007-06-07 22:17 249856 --a------ C:\WINDOWS\system32\DZACTX.DLL
2007-06-07 22:17 229376 --a------ C:\WINDOWS\system32\DUZACTX.DLL
2007-06-07 22:17 120056 --a------ C:\WINDOWS\system32\PINGX.DLL
2007-06-07 22:17 118784 --a------ C:\WINDOWS\system32\RASX.DLL
2007-05-16 16:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:34]
"nForce Tray Options"="sstray.exe" [2002-12-05 13:23 C:\WINDOWS\system32\sstray.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-25 01:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2005-08-16 00:12]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-08 19:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57]
"Chronograph"="C:\Program Files\Chronograph\chrono.exe" [2007-04-24 22:38]

C:\Documents and Settings\Joshua\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 17:45:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-02-10 15:11:08]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 0258]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S2 Install Driver Table Manager;Install Driver Manager;"C:\WINDOWS\wpablan.exe"
S3 dump_wmimmc;dump_wmimmc;\??\C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys
S3 spydetector;spydetector;\??\C:\Program Files\Spyware Process Detector\spydetector.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44dba336-afc9-11db-b938-0090d0a67f28}]
AutoRun\command- Don't_Tell_The_Professionals!_-_CD1.exe


Contents of the 'Scheduled Tasks' folder
2007-08-12 18:24:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-05-17 14:45:05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1168357262.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
2007-04-27 2314 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 19:51:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 19:53:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 19:53
C:\ComboFix2.txt ... 2007-08-12 18:55

--- E O F ---
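The two ComboFix runs above differ in their header time stamp (the way tetonbob tells the logs apart) and in what the CFScript removed. The following is an added Python example, not the thread's or ComboFix's own code: it parses the "((( Section )))" headers, service lines and registry keys in the log format shown above and diffs two runs. Its inputs are constructed, abridged copies of the two logs; the first run's version string is assumed (only its time stamp is quoted in the thread).

```python
"""Section-aware diff of two ComboFix logs (added example, not ComboFix's own code)."""
import re

SECTION_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")        # ((( Name )))
HEADER_RE = re.compile(r'^ComboFix\s+\S+\s+-\s+"[^"]+"\s+'           # first line
                       r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d)")
# "<start type> <short name>;<display name>;<image path>"
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
REGKEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")


def parse_combofix(text):
    """Return (run time stamp, {section name: [non-blank lines]}).

    Lines before the first ((( ... ))) header, including the CFScript echo
    ("Command switches used", FILE::), land in the "preamble" section.
    """
    stamp, sections, current = None, {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m and stamp is None:
            stamp = m.group("stamp")
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return stamp, sections


def loading_points(sections):
    """Services (keyed by short name) and registry keys under Reg Loading Points."""
    services, keys = {}, set()
    for line in sections.get("Reg Loading Points", []):
        m = SERVICE_RE.match(line)
        if m:
            services[m.group("name")] = (m.group("display"), m.group("path"))
            continue
        m = REGKEY_RE.match(line)
        if m:
            keys.add(m.group("key").lower())  # ComboFix mixes key casing
    return services, keys


def diff_logs(before, after):
    """Same run? Which services/keys vanished? What did the script act on?"""
    stamp_a, sec_a = parse_combofix(before)
    stamp_b, sec_b = parse_combofix(after)
    svc_a, keys_a = loading_points(sec_a)
    svc_b, keys_b = loading_points(sec_b)
    pre = sec_b["preamble"]
    drv = sec_b.get("Drivers/Services", [])
    return {
        "same_run": stamp_a == stamp_b,
        "removed_services": sorted(set(svc_a) - set(svc_b)),
        "added_services": sorted(set(svc_b) - set(svc_a)),
        "removed_keys": sorted(keys_a - keys_b),
        "added_keys": sorted(keys_b - keys_a),
        # FILE:: targets from the CFScript are echoed as bare paths in the preamble
        "file_targets": [ln for ln in pre if re.match(r"^[A-Za-z]:\\", ln)],
        # entries ComboFix reports as removed are prefixed with "-------\"
        "removed_by_script": [ln.split("\\", 1)[1] for ln in drv
                              if ln.startswith("-------\\")],
    }


# Constructed, abridged copies of the two logs posted in this thread.
BEFORE_LOG = r'''ComboFix 07-08-12.5 - "Joshua" 2007-08-12 18:50:24.1 - NTFSx86
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S2 Install Driver Table Manager;Install Driver Manager;"C:\WINDOWS\wpablan.exe"
S2 MsaSvc;Microsoft authenticate service;C:\WINDOWS\System32\msasvc.exe
S3 dump_wmimmc;dump_wmimmc;\??\C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys
'''

AFTER_LOG = r'''ComboFix 07-08-12.5 - "Joshua" 2007-08-12 19:47:06.2 - NTFSx86
Command switches used :: C:\Documents and Settings\Joshua\Desktop\CFScript.txt
FILE::
C:\WINDOWS\System32\msasvc.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_MSASVC
-------\MsaSvc
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:34]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S2 Install Driver Table Manager;Install Driver Manager;"C:\WINDOWS\wpablan.exe"
S3 dump_wmimmc;dump_wmimmc;\??\C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys
'''

if __name__ == "__main__":
    for key, value in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(f"{key}: {value}")
```

On the two logs it reports that the runs are different, that the MsaSvc service and the winlogon\notify\mszsrn32 key are gone from the second, and that the script targeted msasvc.exe.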
Old 08-13-2007, 10:04 AM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Win32/Rustock.gen!C help needed please!!!

Very good...thanks.

Please do continue with the steps outlined in my last post.
Old 08-13-2007, 11:47 PM   #16 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 44
OS: XP Home


Re: Win32/Rustock.gen!C help needed please!!!

Okay. AVG in safe mode finished and Kaspersky is on 10% complete now.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:48:30 13/08/2007

+ Scan result:



:mozilla.119:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.48:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.49:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.68:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.28:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.29:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.93:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.94:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.98:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.99:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.159:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.160:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.30:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.31:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.32:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.33:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.34:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.37:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.69:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Sue\Cookies\sue@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.84:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@com[1].txt -> TrackingCookie.Com : No action taken.
:mozilla.54:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.57:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Sue\Cookies\sue@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.67:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.68:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.70:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.71:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.72:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Sue\Cookies\sue@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.89:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.113:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.115:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.116:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.117:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Intelli-direct : No action taken.
:mozilla.66:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Sue\Cookies\sue@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.62:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.63:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.462:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.463:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.61:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.62:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.63:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.64:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.65:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.66:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Sue\Cookies\sue@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Sue\Cookies\sue@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.108:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Sextracker : No action taken.
:mozilla.95:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.96:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\eg7fz72h.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Joshua\Cookies\joshua@m.webtrends[2].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Sue\Cookies\sue@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.25:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.26:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.35:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.36:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.37:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.38:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.39:C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\qc2vflrc.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end
Old 08-13-2007, 11:50 PM   #17 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 44
OS: XP Home


Re: Win32/Rustock.gen!C help needed please!!!

You will notice how it says no action taken for a lot of them. This is because I had to do a system restore before having a chance to delete them because something I had changed was denying access to the internet.

Could you recommend a program that will stop trojans, viruses, etc. getting into my computer?
Mortson is offline  
Old 08-13-2007, 11:50 PM   #18 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Win32/Rustock.gen!C help needed please!!!

Did you by any chance save the log before applying all actions?

Because as you can see, there was no action taken according to this log.

No real big deal in this case, as they are all cookies, which we can remove other ways easily enough....
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
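The check tetonbob applies above, reading every line of the AVG Anti-Spyware report and noticing that all of them say "No action taken" (so the log was saved before the actions were applied), can be automated. The script below is an added example, not code from this thread or from AVG: it parses report lines in the "<object> -> <detection> : <action>." shape shown in the posted log, counts results by action and by detection family, and lists the items still pending. The report text and the detection names in it are constructed placeholders, not taken from the post.

```python
import re
from collections import Counter

# Constructed sample in the AVG Anti-Spyware 7.5 report line format seen in
# the thread. Paths, cookie names and detection names are placeholders.
SAMPLE_REPORT = r"""
C:\Documents and Settings\User\Cookies\user@example-tracker[2].txt -> TrackingCookie.ExampleTracker : No action taken.
:mozilla.25:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\cookies.txt -> TrackingCookie.ExampleTracker : No action taken.
C:\Documents and Settings\User\Local Settings\Temp\sample.tmp -> Trojan.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@another-ad[1].txt -> TrackingCookie.AnotherAd : Cleaned.

::Report end
"""

# object (may itself contain ':' and spaces) -> detection (no spaces) : action[.]
LINE_RE = re.compile(r"^(?P<obj>.+) -> (?P<det>\S+) : (?P<action>.+?)\.?$")

PENDING = "No action taken"


def parse_report(text):
    """Return one dict per result line; blank lines and '::' markers are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("::"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, totals, etc. are not result lines
        det = m.group("det")
        entries.append({
            "object": m.group("obj"),
            "detection": det,
            # family is the part before the first dot, e.g. TrackingCookie
            "family": det.split(".", 1)[0],
            "action": m.group("action"),
        })
    return entries


def summarize(entries):
    """Counts by action and by family, plus the objects still awaiting action."""
    return {
        "total": len(entries),
        "by_action": Counter(e["action"] for e in entries),
        "by_family": Counter(e["family"] for e in entries),
        "pending": [e["object"] for e in entries if e["action"] == PENDING],
    }


def all_pending(entries):
    """True when every result is untouched: the log was saved before actions ran."""
    return bool(entries) and all(e["action"] == PENDING for e in entries)


if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    s = summarize(results)
    print(f"{s['total']} results; by action: {dict(s['by_action'])}")
    print(f"by family: {dict(s['by_family'])}")
    if all_pending(results):
        print("Every line is 'No action taken': log saved before actions were applied.")
    for obj in s["pending"]:
        print("pending:", obj)
```

Running this over a real saved report answers the question in the post directly: if `all_pending` is true, the log predates the cleanup and a fresh scan is needed; otherwise the `by_family` counter shows whether anything beyond tracking cookies was found.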
Old 08-13-2007, 11:55 PM   #19 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 44
OS: XP Home


Re: Win32/Rustock.gen!C help needed please!!!

Good point. That's probably what I did. Kaspersky is at 17% now.
Mortson is offline  
Old 08-13-2007, 11:58 PM   #20 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Re: Win32/Rustock.gen!C help needed please!!!

OK, thanks. We'll be sure to use other methods as well, to be sure we clear those cookies out.

Kaspersky scan will take a while.

I'll look for the log after I've grabbed some sleep.
tetonbob is offline  
Copyright 2001 - 2009, Tech Support Forum