Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

'Troj/Rustok-N' messages - HijackThis log

Post by bobgrem » April 28th, 2009, 1:03 pm

If anyone could help I would greatly appreciate it. I downloaded Spyware Doctor but cannot get it to run Smart Update (caused by the virus?) to run a scan.

Thanks!
Bob

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:27 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\SysAgent\SysAgent.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\ATT Internet Tools\blsloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.merlinman.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\ATT Internet Tools\blspc.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {C21549AF-A87E-4057-B59D-B3591E5E0360} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SysAgent] C:\SysAgent\SysAgent.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on A] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P36 "Auto EPSON Stylus CX4800 Series on A" /O30 "\\A\EPSON Stylus CX4800 Series" /M "Stylus CX4800"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1661173984
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1831980593
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC3E21E9-7AB9-4DD4-82FB-96BF51A6D456}: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.170,85.255.112.235
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 15355 bytes
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm
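The O17 lines in the log above are the entries a helper looks at first: four registry locations (the current control set, CS3, CS5, and one adapter GUID under the current control set) all carry the same two external name servers. The script below is an added example for readers of this thread; it is not part of the original post and is not HijackThis code. It parses those line types from a copy of the log, flags any NameServer value outside an allowlist of expected resolvers, and reports which control sets share each flagged address. It also lists O4 Run entries that name an executable with no directory at all (DeltTray.exe, Ati2mdxx.exe), whose on-disk location has to be confirmed before they can be judged, and entries HijackThis marked "(no file)" or "(file missing)". The allowlist ranges (RFC 1918 plus the 203.0.113.0/24 documentation range standing in for the ISP's resolver) and the 192.168.1.1 line are constructed for the example; the other sample lines are copied from the log posted above.

```python
"""Triage a few HijackThis 2.x line types: O17 NameServer, O4 Run, dead entries.

Added example, not part of the thread or of HijackThis. The sample log is
copied from the post above except where marked as constructed.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed allowlist: resolvers this machine is expected to use. A home
# router sits in RFC 1918 space; 203.0.113.0/24 (documentation range) stands
# in for the ISP's resolver. Use the real ISP/domain resolvers in practice.
EXPECTED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# O17 - HKLM\System\<CCS|CSn>\Services\Tcpip\<Parameters | ..\{adapter GUID}>: NameServer = a,b
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\.*?: "
    r"NameServer = (?P<ips>.+)$"
)
# O4 - HKLM\..\Run: [Name] command line   (also HKCU and HKUS\<SID> hives)
O4_RE = re.compile(r"^O4 - (?P<key>HK.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DEAD_MARKERS = ("(no file)", "(file missing)")


def _expected(ip: str) -> bool:
    """True if the address falls inside one of the allowlisted resolver ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # a non-address in the registry value is itself worth a look
    return any(addr in net for net in EXPECTED_RESOLVERS)


def _executable(cmd: str) -> str:
    """The program part of a Run value: the quoted path if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> dict:
    rogue = defaultdict(set)  # flagged resolver -> control sets that reference it
    bare_run = []             # Run entries whose program has no directory component
    dead = []                 # entries whose file HijackThis could not find on disk
    for line in log_text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            for ip in m.group("ips").replace(" ", "").split(","):
                if ip and not _expected(ip):
                    rogue[ip].add(m.group("cs"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = _executable(m.group("cmd"))
            # No backslash and no %VAR% prefix: Windows resolves it by search path,
            # so the file that actually runs must be located and checked.
            if "\\" not in exe and not exe.startswith("%"):
                bare_run.append((m.group("name"), exe))
            continue
        if line.endswith(DEAD_MARKERS):
            dead.append(line)
    return {
        "rogue_resolvers": {ip: sorted(cs) for ip, cs in rogue.items()},
        "bare_run_entries": bare_run,
        "dead_entries": dead,
    }


# Lines copied from the log above; the CS1 line at the end is constructed
# so that an allowlisted resolver is exercised too.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C21549AF-A87E-4057-B59D-B3591E5E0360} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC3E21E9-7AB9-4DD4-82FB-96BF51A6D456}: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.170,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, sets in result["rogue_resolvers"].items():
        print(f"resolver {ip} not in allowlist; referenced by control sets {', '.join(sets)}")
    for name, exe in result["bare_run_entries"]:
        print(f"Run entry [{name}] starts {exe!r} with no directory; locate it on disk")
    for entry in result["dead_entries"]:
        print(f"dead entry: {entry}")
```

Because the flagged pair appears in CCS, CS3 and CS5 alike, booting into Last Known Good Configuration would only switch to another control set that carries the same values; the resolvers have to be corrected in every control set (or the adapter put back on DHCP) once the cause is removed. The script cannot say that an address is hostile, only that it is not one the machine should be using; the search redirects the poster reports later in the thread are the symptom to correlate it with.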

Re: 'Troj/Rustok-N' messages - HijackThis log

Post by Wi[k]! » April 28th, 2009, 4:23 pm

Hello and welcome to the forums.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.

Post that in your next reply.
Wi[k]!
MRU Undergrad
 
Posts: 554
Joined: August 4th, 2008, 9:49 am

Re: 'Troj/Rustok-N' messages - HijackThis log

Post by bobgrem » April 28th, 2009, 4:42 pm

Thank you for the quick reply!

Here is the uninstall list from HijackThis:

Acrobat.com
Acrobat.com
Active Disk
Adobe AIR
Adobe AIR
Adobe Download Manager (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Allegro 2001
ArcSoft PhotoImpression 5
AT&T Pop-Up Catcher
AT&T Toolbar
ATI Control Panel
ATI Display Driver
Audacity 1.2.4
Belkin 54g USB Network Adapter
Blaze Media Pro
Classic PhoneTools
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Modem-On-Hold
Dell Movie Studio Diagnostics
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Dell Solution Center
Dell Support
Dell Support Center (Support Software)
DellSupport
Delta
Digital Line Detect
DiscWizard for Windows
DivX 5.0.2 Bundle
DivX Codec 3.1alpha release
DreamStation DXi2
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDSentry
Easy CD Creator 5 Basic
EO Video 1.31
EPSON CX 4200 4800 Guide
EPSON Printer Software
EPSON Scan
Exact Audio Copy 0.95b4
Free Easy Burner V 3.8
Google Toolbar for Internet Explorer
HeroCodec
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 3
Juno
Malware Avenger 1.0 Build 08320
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MediaMonkey 3.0
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 2002
Microsoft PowerPoint Viewer 97
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla (1.2.1)
Mozilla Firefox (3.0.9)
MSN Music Assistant
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch® Jukebox
MyDVD
Nero 6
Paint Shop Pro 7 Anniversary Edition
Pinnacle Express
PowerDVD
Presto! ImageFolio LE
Presto! PageManager
Presto! PageType
Presto! PhotoAlbum
QuickTime
QuickVCD Player v3.0
RealPlayer
RealWorld Eve
Recover My Files
Rhapsody Player Engine
Roxio VideoWave Movie Creator
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Shockwave
Sonic Foundry ACID 2.0d
Sonic Foundry Express FX 1
Sonic Foundry Express FX 2
Sound Blaster Live!
Spyware Doctor 6.0
System Agent
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player (Remove Only)
VistaShuttle
VLC media player 0.9.8a
WD Diagnostics
WG111 Smart Wizard
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB810217
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: 'Troj/Rustok-N' messages - HijackThis log

Post by bobgrem » April 29th, 2009, 3:08 pm

Also, when I run a search on Google, I get redirected to btcar.com.

Thanks,
Bob
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: 'Troj/Rustok-N' messages - HijackThis log

Post by Wi[k]! » April 30th, 2009, 2:11 pm

We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. This includes Windows Defender, McAfee, and Spyware Doctor.

Please include the C:\ComboFix.txt in your next reply for further review.
--------------------------------------------------

I also see you have Malwarebytes installed. Open up the program > update to get the latest definitions > perform a quick scan. Post that in your next reply.

Include the following in your next post:

ComboFix.txt
Malwarebytes log
new HJT log
Wi[k]!
MRU Undergrad
 
Posts: 554
Joined: August 4th, 2008, 9:49 am

Re: 'Troj/Rustok-N' messages - HijackThis log

Post by bobgrem » April 30th, 2009, 5:54 pm

Here are the three requested log files. After we get this remedied I would really appreciate some advice. About 6 months ago I started AT&T broadband which came with free McAfee. They said that was all the protection I needed (obviously not) so that’s what I did, except I kept up with Windows Defender. (After I started having trouble I started downloading a bunch of anti-malware/spyware programs.) I used to run AVG along with Ad-aware, spybot, Defender and something else. My question is what, in addition to McAfee, should I be using to be protected?
Thanks for all your help!
Bob


Here is the ComboFix.txt log:

ComboFix 09-04-29.07 - Bob 04/30/2009 14:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.153 [GMT -4:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\recycler\S-8-9-54-100025600-100011949-100019782-8204.com
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\_002762_.tmp.dll
c:\windows\system32\_002763_.tmp.dll
c:\windows\system32\_002764_.tmp.dll
c:\windows\system32\_002765_.tmp.dll
c:\windows\system32\_002772_.tmp.dll
c:\windows\system32\_002773_.tmp.dll
c:\windows\system32\_002774_.tmp.dll
c:\windows\system32\_002775_.tmp.dll
c:\windows\system32\_002776_.tmp.dll
c:\windows\system32\_002777_.tmp.dll
c:\windows\system32\_002778_.tmp.dll
c:\windows\system32\_002779_.tmp.dll
c:\windows\system32\_002780_.tmp.dll
c:\windows\system32\_002781_.tmp.dll
c:\windows\system32\_002782_.tmp.dll
c:\windows\system32\_002783_.tmp.dll
c:\windows\system32\_002784_.tmp.dll
c:\windows\system32\_002785_.tmp.dll
c:\windows\system32\_002786_.tmp.dll
c:\windows\system32\_002787_.tmp.dll
c:\windows\system32\_002788_.tmp.dll
c:\windows\system32\_002789_.tmp.dll
c:\windows\system32\_002790_.tmp.dll
c:\windows\system32\_002791_.tmp.dll
c:\windows\system32\_002792_.tmp.dll
c:\windows\system32\_002795_.tmp.dll
c:\windows\system32\_002796_.tmp.dll
c:\windows\system32\_002797_.tmp.dll
c:\windows\system32\_002798_.tmp.dll
c:\windows\system32\_002799_.tmp.dll
c:\windows\system32\_002800_.tmp.dll
c:\windows\system32\_002801_.tmp.dll
c:\windows\system32\_002802_.tmp.dll
c:\windows\system32\_002803_.tmp.dll
c:\windows\system32\_002804_.tmp.dll
c:\windows\system32\_002805_.tmp.dll
c:\windows\system32\_002806_.tmp.dll
c:\windows\system32\_002807_.tmp.dll
c:\windows\system32\_002808_.tmp.dll
c:\windows\system32\_002809_.tmp.dll
c:\windows\system32\_002810_.tmp.dll
c:\windows\system32\_002811_.tmp.dll
c:\windows\system32\_002812_.tmp.dll
c:\windows\system32\_002813_.tmp.dll
c:\windows\system32\_002814_.tmp.dll
c:\windows\system32\_002815_.tmp.dll
c:\windows\system32\_002816_.tmp.dll
c:\windows\system32\_002817_.tmp.dll
c:\windows\system32\_002818_.tmp.dll
c:\windows\system32\_002819_.tmp.dll
c:\windows\system32\_002820_.tmp.dll
c:\windows\system32\_002821_.tmp.dll
c:\windows\system32\_002822_.tmp.dll
c:\windows\system32\_002823_.tmp.dll
c:\windows\system32\_002824_.tmp.dll
c:\windows\system32\_002825_.tmp.dll
c:\windows\system32\_002826_.tmp.dll
c:\windows\system32\_002827_.tmp.dll
c:\windows\system32\_002828_.tmp.dll
c:\windows\system32\_002829_.tmp.dll
c:\windows\system32\_002830_.tmp.dll
c:\windows\system32\_002831_.tmp.dll
c:\windows\system32\_002832_.tmp.dll
c:\windows\system32\_002833_.tmp.dll
c:\windows\system32\_002834_.tmp.dll
c:\windows\system32\_002835_.tmp.dll
c:\windows\system32\_002836_.tmp.dll
c:\windows\system32\_002837_.tmp.dll
c:\windows\system32\_002838_.tmp.dll
c:\windows\system32\_002839_.tmp.dll
c:\windows\system32\_002840_.tmp.dll
c:\windows\system32\_002841_.tmp.dll
c:\windows\system32\_002842_.tmp.dll
c:\windows\system32\_002843_.tmp.dll
c:\windows\system32\_002844_.tmp.dll
c:\windows\system32\_002845_.tmp.dll
c:\windows\system32\_002846_.tmp.dll
c:\windows\system32\_002847_.tmp.dll
c:\windows\system32\_002848_.tmp.dll
c:\windows\system32\_002849_.tmp.dll
c:\windows\system32\_002850_.tmp.dll
c:\windows\system32\_002851_.tmp.dll
c:\windows\system32\_002852_.tmp.dll
c:\windows\system32\_002854_.tmp.dll
c:\windows\system32\_002856_.tmp.dll
c:\windows\system32\_002857_.tmp.dll
c:\windows\system32\_002858_.tmp.dll
c:\windows\system32\_002859_.tmp.dll
c:\windows\system32\_002860_.tmp.dll
c:\windows\system32\_002861_.tmp.dll
c:\windows\system32\_002862_.tmp.dll
c:\windows\system32\_002863_.tmp.dll
c:\windows\system32\_002865_.tmp.dll
c:\windows\system32\_002866_.tmp.dll
c:\windows\system32\_002867_.tmp.dll
c:\windows\system32\_002868_.tmp.dll
c:\windows\system32\_002869_.tmp.dll
c:\windows\system32\_002871_.tmp.dll
c:\windows\system32\_002873_.tmp.dll
c:\windows\system32\_002874_.tmp.dll
c:\windows\system32\_002875_.tmp.dll
c:\windows\system32\_002876_.tmp.dll
c:\windows\system32\_002877_.tmp.dll
c:\windows\system32\_002878_.tmp.dll
c:\windows\system32\_002879_.tmp.dll
c:\windows\system32\_002881_.tmp.dll
c:\windows\system32\_002882_.tmp.dll
c:\windows\system32\_002883_.tmp.dll
c:\windows\system32\_002884_.tmp.dll
c:\windows\system32\_002885_.tmp.dll
c:\windows\system32\_002886_.tmp.dll
c:\windows\system32\_002887_.tmp.dll
c:\windows\system32\_002888_.tmp.dll
c:\windows\system32\_002889_.tmp.dll
c:\windows\system32\_002890_.tmp.dll
c:\windows\system32\_002891_.tmp.dll
c:\windows\system32\_002892_.tmp.dll
c:\windows\system32\_002893_.tmp.dll
c:\windows\system32\_002894_.tmp.dll
c:\windows\system32\_002895_.tmp.dll
c:\windows\system32\_002897_.tmp.dll
c:\windows\system32\_002898_.tmp.dll
c:\windows\system32\_002899_.tmp.dll
c:\windows\system32\_002900_.tmp.dll
c:\windows\system32\_002902_.tmp.dll
c:\windows\system32\_002904_.tmp.dll
c:\windows\system32\_002905_.tmp.dll
c:\windows\system32\_002906_.tmp.dll
c:\windows\system32\_002907_.tmp.dll
c:\windows\system32\_002908_.tmp.dll
c:\windows\system32\_002909_.tmp.dll
c:\windows\system32\_002910_.tmp.dll
c:\windows\system32\_002912_.tmp.dll
c:\windows\system32\_002913_.tmp.dll
c:\windows\system32\_002914_.tmp.dll
c:\windows\system32\_002915_.tmp.dll
c:\windows\system32\_002916_.tmp.dll
c:\windows\system32\_002917_.tmp.dll
c:\windows\system32\_002918_.tmp.dll
c:\windows\system32\_002920_.tmp.dll
c:\windows\system32\_002922_.tmp.dll
c:\windows\system32\_002924_.tmp.dll
c:\windows\system32\_002925_.tmp.dll
c:\windows\system32\_002926_.tmp.dll
c:\windows\system32\_002927_.tmp.dll
c:\windows\system32\_002931_.tmp.dll
c:\windows\system32\_002932_.tmp.dll
c:\windows\system32\_002934_.tmp.dll
c:\windows\system32\_002937_.tmp.dll
c:\windows\system32\_002939_.tmp.dll
c:\windows\system32\_002940_.tmp.dll
c:\windows\system32\_002941_.tmp.dll
c:\windows\system32\_002942_.tmp.dll
c:\windows\system32\_002945_.tmp.dll
c:\windows\system32\_002947_.tmp.dll
c:\windows\system32\_002948_.tmp.dll
c:\windows\system32\_002949_.tmp.dll
c:\windows\system32\_002954_.tmp.dll
c:\windows\system32\_002956_.tmp.dll
c:\windows\system32\_002957_.tmp.dll
c:\windows\system32\_003754_.tmp.dll
c:\windows\system32\_003755_.tmp.dll
c:\windows\system32\_003756_.tmp.dll
c:\windows\system32\_003757_.tmp.dll
c:\windows\system32\_003764_.tmp.dll
c:\windows\system32\_003765_.tmp.dll
c:\windows\system32\_003766_.tmp.dll
c:\windows\system32\_003767_.tmp.dll
c:\windows\system32\_003768_.tmp.dll
c:\windows\system32\_003769_.tmp.dll
c:\windows\system32\_003770_.tmp.dll
c:\windows\system32\_003771_.tmp.dll
c:\windows\system32\_003772_.tmp.dll
c:\windows\system32\_003773_.tmp.dll
c:\windows\system32\_003774_.tmp.dll
c:\windows\system32\_003775_.tmp.dll
c:\windows\system32\_003776_.tmp.dll
c:\windows\system32\_003777_.tmp.dll
c:\windows\system32\_003778_.tmp.dll
c:\windows\system32\_003779_.tmp.dll
c:\windows\system32\_003780_.tmp.dll
c:\windows\system32\_003781_.tmp.dll
c:\windows\system32\_003782_.tmp.dll
c:\windows\system32\_003783_.tmp.dll
c:\windows\system32\_003784_.tmp.dll
c:\windows\system32\_003785_.tmp.dll
c:\windows\system32\_003786_.tmp.dll
c:\windows\system32\_003787_.tmp.dll
c:\windows\system32\_003788_.tmp.dll
c:\windows\system32\_003789_.tmp.dll
c:\windows\system32\_003790_.tmp.dll
c:\windows\system32\_003791_.tmp.dll
c:\windows\system32\_003792_.tmp.dll
c:\windows\system32\_003793_.tmp.dll
c:\windows\system32\_003794_.tmp.dll
c:\windows\system32\_003795_.tmp.dll
c:\windows\system32\_003796_.tmp.dll
c:\windows\system32\_003797_.tmp.dll
c:\windows\system32\_003798_.tmp.dll
c:\windows\system32\_003799_.tmp.dll
c:\windows\system32\_003800_.tmp.dll
c:\windows\system32\_003801_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003803_.tmp.dll
c:\windows\system32\_003804_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003806_.tmp.dll
c:\windows\system32\_003807_.tmp.dll
c:\windows\system32\_003808_.tmp.dll
c:\windows\system32\_003809_.tmp.dll
c:\windows\system32\_003810_.tmp.dll
c:\windows\system32\_003811_.tmp.dll
c:\windows\system32\_003812_.tmp.dll
c:\windows\system32\_003813_.tmp.dll
c:\windows\system32\_003814_.tmp.dll
c:\windows\system32\_003815_.tmp.dll
c:\windows\system32\_003816_.tmp.dll
c:\windows\system32\_003817_.tmp.dll
c:\windows\system32\_003818_.tmp.dll
c:\windows\system32\_003819_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003821_.tmp.dll
c:\windows\system32\_003822_.tmp.dll
c:\windows\system32\_003823_.tmp.dll
c:\windows\system32\_003824_.tmp.dll
c:\windows\system32\_003825_.tmp.dll
c:\windows\system32\_003826_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003828_.tmp.dll
c:\windows\system32\_003829_.tmp.dll
c:\windows\system32\_003830_.tmp.dll
c:\windows\system32\_003831_.tmp.dll
c:\windows\system32\_003832_.tmp.dll
c:\windows\system32\_003833_.tmp.dll
c:\windows\system32\_003834_.tmp.dll
c:\windows\system32\_003835_.tmp.dll
c:\windows\system32\_003836_.tmp.dll
c:\windows\system32\_003837_.tmp.dll
c:\windows\system32\_003838_.tmp.dll
c:\windows\system32\_003839_.tmp.dll
c:\windows\system32\_003840_.tmp.dll
c:\windows\system32\_003841_.tmp.dll
c:\windows\system32\_003842_.tmp.dll
c:\windows\system32\_003843_.tmp.dll
c:\windows\system32\_003844_.tmp.dll
c:\windows\system32\_003845_.tmp.dll
c:\windows\system32\_003846_.tmp.dll
c:\windows\system32\_003847_.tmp.dll
c:\windows\system32\_003848_.tmp.dll
c:\windows\system32\_003849_.tmp.dll
c:\windows\system32\_003850_.tmp.dll
c:\windows\system32\_003851_.tmp.dll
c:\windows\system32\_003852_.tmp.dll
c:\windows\system32\_003853_.tmp.dll
c:\windows\system32\_003854_.tmp.dll
c:\windows\system32\_003855_.tmp.dll
c:\windows\system32\_003856_.tmp.dll
c:\windows\system32\_003857_.tmp.dll
c:\windows\system32\_003858_.tmp.dll
c:\windows\system32\_003859_.tmp.dll
c:\windows\system32\_003860_.tmp.dll
c:\windows\system32\_003861_.tmp.dll
c:\windows\system32\_003862_.tmp.dll
c:\windows\system32\_003863_.tmp.dll
c:\windows\system32\_003864_.tmp.dll
c:\windows\system32\_003865_.tmp.dll
c:\windows\system32\_003866_.tmp.dll
c:\windows\system32\_003867_.tmp.dll
c:\windows\system32\_003868_.tmp.dll
c:\windows\system32\_003869_.tmp.dll
c:\windows\system32\_003870_.tmp.dll
c:\windows\system32\_003871_.tmp.dll
c:\windows\system32\_003872_.tmp.dll
c:\windows\system32\_003873_.tmp.dll
c:\windows\system32\_003874_.tmp.dll
c:\windows\system32\_003875_.tmp.dll
c:\windows\system32\_003876_.tmp.dll
c:\windows\system32\_003877_.tmp.dll
c:\windows\system32\_003878_.tmp.dll
c:\windows\system32\_003879_.tmp.dll
c:\windows\system32\_003880_.tmp.dll
c:\windows\system32\_003881_.tmp.dll
c:\windows\system32\_003882_.tmp.dll
c:\windows\system32\_003883_.tmp.dll
c:\windows\system32\_003884_.tmp.dll
c:\windows\system32\_003885_.tmp.dll
c:\windows\system32\_003886_.tmp.dll
c:\windows\system32\_003887_.tmp.dll
c:\windows\system32\_003888_.tmp.dll
c:\windows\system32\_003889_.tmp.dll
c:\windows\system32\_003890_.tmp.dll
c:\windows\system32\_003891_.tmp.dll
c:\windows\system32\_003892_.tmp.dll
c:\windows\system32\_003893_.tmp.dll
c:\windows\system32\_003894_.tmp.dll
c:\windows\system32\_003895_.tmp.dll
c:\windows\system32\_003896_.tmp.dll
c:\windows\system32\_003897_.tmp.dll
c:\windows\system32\_003899_.tmp.dll
c:\windows\system32\_003900_.tmp.dll
c:\windows\system32\_003901_.tmp.dll
c:\windows\system32\_003902_.tmp.dll
c:\windows\system32\_003903_.tmp.dll
c:\windows\system32\_003904_.tmp.dll
c:\windows\system32\_003905_.tmp.dll
c:\windows\system32\_003907_.tmp.dll
c:\windows\system32\_003908_.tmp.dll
c:\windows\system32\_003909_.tmp.dll
c:\windows\system32\_003910_.tmp.dll
c:\windows\system32\_003911_.tmp.dll
c:\windows\system32\_003912_.tmp.dll
c:\windows\system32\_003913_.tmp.dll
c:\windows\system32\_003914_.tmp.dll
c:\windows\system32\_003915_.tmp.dll
c:\windows\system32\_003916_.tmp.dll
c:\windows\system32\_003917_.tmp.dll
c:\windows\system32\_003918_.tmp.dll
c:\windows\system32\_003919_.tmp.dll
c:\windows\system32\_003920_.tmp.dll
c:\windows\system32\_003921_.tmp.dll
c:\windows\system32\_003922_.tmp.dll
c:\windows\system32\_003923_.tmp.dll
c:\windows\system32\_003925_.tmp.dll
c:\windows\system32\_003926_.tmp.dll
c:\windows\system32\_003927_.tmp.dll
c:\windows\system32\_003928_.tmp.dll
c:\windows\system32\_003930_.tmp.dll
c:\windows\system32\_003932_.tmp.dll
c:\windows\system32\_003933_.tmp.dll
c:\windows\system32\_003934_.tmp.dll
c:\windows\system32\_003935_.tmp.dll
c:\windows\system32\_003936_.tmp.dll
c:\windows\system32\_003937_.tmp.dll
c:\windows\system32\_003938_.tmp.dll
c:\windows\system32\_003940_.tmp.dll
c:\windows\system32\_003941_.tmp.dll
c:\windows\system32\_003942_.tmp.dll
c:\windows\system32\_003943_.tmp.dll
c:\windows\system32\_003944_.tmp.dll
c:\windows\system32\_003945_.tmp.dll
c:\windows\system32\_003946_.tmp.dll
c:\windows\system32\_003947_.tmp.dll
c:\windows\system32\_003948_.tmp.dll
c:\windows\system32\_003949_.tmp.dll
c:\windows\system32\_003950_.tmp.dll
c:\windows\system32\_003951_.tmp.dll
c:\windows\system32\_003952_.tmp.dll
c:\windows\system32\_003953_.tmp.dll
c:\windows\system32\_003954_.tmp.dll
c:\windows\system32\_003955_.tmp.dll
c:\windows\system32\_003956_.tmp.dll
c:\windows\system32\_003958_.tmp.dll
c:\windows\system32\_003959_.tmp.dll
c:\windows\system32\_003960_.tmp.dll
c:\windows\system32\_003961_.tmp.dll
c:\windows\system32\_003963_.tmp.dll
c:\windows\system32\_003965_.tmp.dll
c:\windows\system32\_003966_.tmp.dll
c:\windows\system32\_003967_.tmp.dll
c:\windows\system32\_003968_.tmp.dll
c:\windows\system32\_003969_.tmp.dll
c:\windows\system32\_003970_.tmp.dll
c:\windows\system32\_003971_.tmp.dll
c:\windows\system32\_003973_.tmp.dll
c:\windows\system32\_003974_.tmp.dll
c:\windows\system32\_003975_.tmp.dll
c:\windows\system32\_003976_.tmp.dll
c:\windows\system32\_003977_.tmp.dll
c:\windows\system32\_003978_.tmp.dll
c:\windows\system32\_003979_.tmp.dll
c:\windows\system32\_003980_.tmp.dll
c:\windows\system32\_003982_.tmp.dll
c:\windows\system32\_003983_.tmp.dll
c:\windows\system32\_003985_.tmp.dll
c:\windows\system32\_003986_.tmp.dll
c:\windows\system32\_003988_.tmp.dll
c:\windows\system32\_003989_.tmp.dll
c:\windows\system32\_003993_.tmp.dll
c:\windows\system32\_003994_.tmp.dll
c:\windows\system32\_003996_.tmp.dll
c:\windows\system32\_003999_.tmp.dll
c:\windows\system32\_004001_.tmp.dll
c:\windows\system32\_004002_.tmp.dll
c:\windows\system32\_004003_.tmp.dll
c:\windows\system32\_004004_.tmp.dll
c:\windows\system32\_004007_.tmp.dll
c:\windows\system32\_004008_.tmp.dll
c:\windows\system32\_004009_.tmp.dll
c:\windows\system32\_004010_.tmp.dll
c:\windows\system32\_004011_.tmp.dll
c:\windows\system32\_004016_.tmp.dll
c:\windows\system32\_004018_.tmp.dll
c:\windows\system32\_004019_.tmp.dll
c:\windows\system32\_006002_.tmp.dll
c:\windows\system32\_006003_.tmp.dll
c:\windows\system32\_006004_.tmp.dll
c:\windows\system32\_006005_.tmp.dll
c:\windows\system32\_006012_.tmp.dll
c:\windows\system32\_006013_.tmp.dll
c:\windows\system32\_006014_.tmp.dll
c:\windows\system32\_006015_.tmp.dll
c:\windows\system32\_006017_.tmp.dll
c:\windows\system32\_006018_.tmp.dll
c:\windows\system32\_006021_.tmp.dll
c:\windows\system32\_006022_.tmp.dll
c:\windows\system32\_006024_.tmp.dll
c:\windows\system32\_006025_.tmp.dll
c:\windows\system32\_006026_.tmp.dll
c:\windows\system32\_006028_.tmp.dll
c:\windows\system32\_006031_.tmp.dll
c:\windows\system32\_006032_.tmp.dll
c:\windows\system32\_006036_.tmp.dll
c:\windows\system32\_006037_.tmp.dll
c:\windows\system32\_006039_.tmp.dll
c:\windows\system32\_006042_.tmp.dll
c:\windows\system32\_006044_.tmp.dll
c:\windows\system32\_006045_.tmp.dll
c:\windows\system32\_006046_.tmp.dll
c:\windows\system32\_006047_.tmp.dll
c:\windows\system32\_006048_.tmp.dll
c:\windows\system32\_006051_.tmp.dll
c:\windows\system32\_006052_.tmp.dll
c:\windows\system32\_006053_.tmp.dll
c:\windows\system32\_006054_.tmp.dll
c:\windows\system32\_006055_.tmp.dll
c:\windows\system32\_006060_.tmp.dll
c:\windows\system32\_006062_.tmp.dll
c:\windows\system32\_006063_.tmp.dll
c:\windows\system32\_006147_.tmp.dll
c:\windows\system32\_006148_.tmp.dll
c:\windows\system32\_006149_.tmp.dll
c:\windows\system32\_006150_.tmp.dll
c:\windows\system32\_006157_.tmp.dll
c:\windows\system32\_006158_.tmp.dll
c:\windows\system32\_006159_.tmp.dll
c:\windows\system32\_006161_.tmp.dll
c:\windows\system32\_006162_.tmp.dll
c:\windows\system32\_006165_.tmp.dll
c:\windows\system32\_006166_.tmp.dll
c:\windows\system32\_006168_.tmp.dll
c:\windows\system32\_006169_.tmp.dll
c:\windows\system32\_006170_.tmp.dll
c:\windows\system32\_006172_.tmp.dll
c:\windows\system32\_006175_.tmp.dll
c:\windows\system32\_006176_.tmp.dll
c:\windows\system32\_006180_.tmp.dll
c:\windows\system32\_006181_.tmp.dll
c:\windows\system32\_006183_.tmp.dll
c:\windows\system32\_006186_.tmp.dll
c:\windows\system32\_006188_.tmp.dll
c:\windows\system32\_006189_.tmp.dll
c:\windows\system32\_006190_.tmp.dll
c:\windows\system32\_006191_.tmp.dll
c:\windows\system32\_006194_.tmp.dll
c:\windows\system32\_006196_.tmp.dll
c:\windows\system32\_006197_.tmp.dll
c:\windows\system32\_006198_.tmp.dll
c:\windows\system32\_006203_.tmp.dll
c:\windows\system32\_006205_.tmp.dll
c:\windows\system32\_006206_.tmp.dll
c:\windows\system32\drivers\gxvxcuijxtcdrwwostirsnkcvrxdqltardkrj.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcohanuvaiqjxfqhbbopeqjgaqpamtusti.dll
F:\Autorun.inf
f:\recycler\S-8-9-54-100025600-100011949-100019782-8204.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-30 15:16 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-30 15:16 . 2009-04-30 15:16 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-30 15:13 . 2009-04-30 15:13 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-29 20:12 . 2009-04-29 20:21 -------- d-----w c:\program files\SpywareBlaster
2009-04-28 17:21 . 2009-04-28 17:21 -------- d-----w c:\program files\Malware Avenger
2009-04-28 16:42 . 2009-04-28 16:42 -------- d-----w c:\program files\Trend Micro
2009-04-28 16:35 . 2008-06-02 19:19 42376 ----a-w c:\windows\system32\drivers\ikfilesec.sys
2009-04-28 16:35 . 2008-06-02 19:19 29576 ----a-w c:\windows\system32\drivers\kcom.sys
2009-04-28 16:35 . 2008-06-11 01:22 81288 ----a-w c:\windows\system32\drivers\iksyssec.sys
2009-04-28 16:35 . 2008-06-02 19:19 66952 ----a-w c:\windows\system32\drivers\iksysflt.sys
2009-04-28 16:35 . 2009-04-28 16:35 -------- d-----w c:\documents and settings\Bob\Application Data\PC Tools
2009-04-28 16:35 . 2009-04-28 17:06 -------- d-----w c:\program files\Spyware Doctor
2009-04-28 15:12 . 2009-04-28 16:35 -------- d-----w c:\documents and settings\Bob\Application Data\GetRightToGo
2009-04-28 01:51 . 2007-08-02 02:47 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-28 01:32 . 2009-04-28 01:32 -------- d-----w c:\windows\Sun
2009-04-28 01:19 . 2009-04-28 01:20 -------- d-----w c:\program files\Java
2009-04-28 01:18 . 2009-04-28 01:18 -------- d-----w c:\program files\Common Files\Java
2009-04-27 21:54 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 21:54 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 21:54 . 2009-04-27 21:54 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 21:54 . 2009-04-27 21:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 14:07 . 2009-04-27 14:07 -------- d-----w c:\program files\HeroCodec
2009-04-26 23:45 . 2009-04-26 23:45 -------- d-----w C:\iview
2009-04-23 04:29 . 2009-04-23 04:29 -------- d-----w c:\windows\system32\Adobe
2009-04-17 12:17 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 19:06 . 2008-12-05 00:24 -------- d-----w c:\program files\DNA
2009-04-30 15:13 . 2003-07-27 16:02 -------- d-----w c:\program files\Lavasoft
2009-04-28 01:42 . 2002-12-10 05:14 104768 ----a-w c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 00:24 . 2009-02-03 04:03 -------- d-----w c:\program files\Cakewalk
2009-04-27 23:47 . 2008-01-30 02:44 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-21 06:51 . 2002-12-16 16:01 -------- d-----w c:\program files\Common Files\Adobe
2009-04-18 18:07 . 2008-11-25 16:52 -------- d-----w c:\program files\McAfee
2009-03-24 08:32 . 2009-02-03 04:21 -------- d-----w c:\program files\Native Instruments
2009-03-24 08:32 . 2009-02-03 04:22 -------- d-----w c:\program files\Common Files\Native Instruments
2009-03-19 16:29 . 2009-03-19 16:28 -------- d-----w c:\program files\Exact Audio Copy
2009-03-03 00:18 . 2004-02-06 22:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 16:03 . 2009-03-02 16:03 -------- d-----w c:\program files\realworld
2009-02-28 16:06 . 2004-09-02 00:50 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-28 16:06 . 2004-09-02 00:50 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-22 20:54 . 2003-01-03 20:23 105160 ----a-w c:\documents and settings\Bob\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2009-03-15 15:51 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-06-13 03:11 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2009-03-15 15:51 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2009-03-15 15:51 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:19 . 2009-03-15 15:51 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2009-03-15 15:51 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2009-03-15 15:51 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2002-08-29 11:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2009-03-15 15:51 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2002-08-29 11:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-03 04:16 . 2009-02-03 04:16 118784 ----a-w c:\windows\dsdxirmv.exe
2009-02-03 02:57 . 2009-02-03 02:57 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-09 20:21 . 2008-12-18 22:16 94208 ----a-w c:\program files\mozilla firefox\components\blsfflock.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"uoltray"="c:\program files\NetZero\exec.exe" [2004-01-20 90384]
"spc_w"="c:\program files\NZSearch\hcm.exe" [2004-05-13 258114]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-29 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-25 290816]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-06-11 684032]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2002-12-21 77824]
"SysAgent"="c:\sysagent\SysAgent.exe" [2001-09-14 814592]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Auto EPSON Stylus CX4800 Series on A"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe" [2008-12-18 103760]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-28 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\SYSTEM32\Ati2mdxx.exe [2001-09-04 28672]
"DeltTray"="DeltTray.exe" - c:\windows\SYSTEM32\delttray.exe [2004-08-27 56320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-12-4 45056]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111.exe [2004-10-9 1056860]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KAZAA"=g:\kazaa lite\kazaa.exe /SYSTRAY
"ConMgr.exe"="c:\program files\EarthLink 5.0\conmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 BWU713_A02;Blitzz Wireless G USB Controller;c:\windows\system32\DRIVERS\BWU713.sys [2004-03-02 340096]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe [2004-08-04 14336]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90e2d42a-ef82-11dc-9711-bc8ab7e11fde}]
\Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run
.
Contents of the 'Scheduled Tasks' folder

2009-04-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-25 18:32]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-25 18:32]

2009-04-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C21549AF-A87E-4057-B59D-B3591E5E0360} - (no file)
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.merlinman.blogspot.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://merlinman.blogspot.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\blsfflock.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
.
.
------- File Associations -------
.
inffile=c:\i386\NOTEPAD.EXE %1
inifile=c:\i386\NOTEPAD.EXE %1
txtfile=c:\i386\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 15:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"

[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\^`ܵî =qx * *]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3304)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\ATTToolbar\FDServer.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-04-30 15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 19:18

Pre-Run: 2,420,535,296 bytes free
Post-Run: 2,373,021,696 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
734 --- E O F --- 2009-04-17 16:53
Malwarebytes Anti-Malware log (I deleted the Registry Data Items Infected at the end of the scan when given that option):

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/30/2009 5:14:47 PM
mbam-log-2009-04-30 (17-14-47).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 199270
Time elapsed: 56 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:04 PM, on 4/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\QuickTime\qttask.exe
C:\SysAgent\SysAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\ATT Internet Tools\blsloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.merlinman.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\ATT Internet Tools\blspc.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SysAgent] C:\SysAgent\SysAgent.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on A] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P36 "Auto EPSON Stylus CX4800 Series on A" /O30 "\\A\EPSON Stylus CX4800 Series" /M "Stylus CX4800"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1661173984
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1831980593
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 14440 bytes
bobgrem
Regular Member
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » April 30th, 2009, 6:19 pm

Boy, thanks!
Troj/Rustok and btcar problems seem to be resolved.
My deep gratitude!
Besides anything you notice in the log files, any advice on preventative medicine would be much appreciated!

Bob
bobgrem
Regular Member
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » April 30th, 2009, 7:27 pm

I missed where you said to d/l latest malwarebytes definitions. I did that and am now running the scan, and then will run HJT and will post (slaps forehead) both.

Bob
bobgrem
Regular Member
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » April 30th, 2009, 11:35 pm

Thanks!
Malwarebytes log after updated definitions:

Malwarebytes' Anti-Malware 1.36
Database version: 2062
Windows 5.1.2600 Service Pack 2

4/30/2009 11:08:39 PM
mbam-log-2009-04-30 (23-08-18).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 210709
Time elapsed: 55 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\HeroCodec (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\HeroCodecSoft (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HeroCodec (Trojan.DNSChanger) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Bob\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> No action taken.
C:\Program Files\HeroCodec (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\Program Files\HeroCodec\Uninstall.exe (Rogue.Installer) -> No action taken.
C:\Program Files\Pinnacle\Pinnacle Express\EReg\RegTool.exe (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bob\Start Menu\Programs\HeroCodec\Uninstall.lnk (Trojan.DNSChanger) -> No action taken.


Malwarebytes log after 8 infected items deleted:

Malwarebytes' Anti-Malware 1.36
Database version: 2062
Windows 5.1.2600 Service Pack 2

4/30/2009 11:11:45 PM
mbam-log-2009-04-30 (23-11-45).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 210709
Time elapsed: 55 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HeroCodecSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Bob\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\HeroCodec\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Pinnacle\Pinnacle Express\EReg\RegTool.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Start Menu\Programs\HeroCodec\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.


Subsequent hjt scan logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:28 PM, on 4/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\QuickTime\qttask.exe
C:\SysAgent\SysAgent.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\ATT Internet Tools\blsloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.merlinman.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\ATT Internet Tools\blspc.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SysAgent] C:\SysAgent\SysAgent.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4800 Series on A] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P36 "Auto EPSON Stylus CX4800 Series on A" /O30 "\\A\EPSON Stylus CX4800 Series" /M "Stylus CX4800"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1661173984
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1831980593
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 14520 bytes
bobgrem
Regular Member
Posts: 37
Joined: April 28th, 2009, 12:53 pm
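The two Malwarebytes logs above are the same scan reported twice: once with every detection left as "No action taken", then again after the items were removed. As an added example (not part of this thread and not Malwarebytes' own code), here is a small Python checker that parses that log format and confirms that every item flagged in the first log appears in the second with a resolved action. The sample logs are trimmed copies of the ones posted above; the regular expressions and the set of actions treated as "resolved" are this example's own assumptions about the Malwarebytes 1.36 format, derived only from the lines visible in the thread.

```python
import re
from dataclasses import dataclass

# Section headers look like "Registry Keys Infected:" with nothing after the colon;
# the summary lines near the top ("Registry Keys Infected: 3") carry a count and
# therefore do not match this pattern.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*$")

# Detection lines: "<item> (<detection name>) -> <action>."
ITEM_RE = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)

# Assumption: only the action string seen in the thread counts as resolved.
RESOLVED_ACTIONS = {"Quarantined and deleted successfully"}


@dataclass(frozen=True)
class Finding:
    section: str
    item: str
    detection: str
    action: str

    @property
    def resolved(self) -> bool:
        return self.action in RESOLVED_ACTIONS


def parse_mbam_log(text: str) -> list[Finding]:
    """Return every detection line in the log, tagged with its section."""
    findings: list[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if not line or section is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append(Finding(section, m.group("item"),
                                    m.group("detection"), m.group("action")))
    return findings


def verify_remediation(before_text: str, after_text: str) -> dict:
    """Cross-check a 'before' log against the 'after' log.

    unresolved:   items present in both logs whose action is still not a removal
    not_rescanned: items from the first log that the second log does not mention
    """
    before = parse_mbam_log(before_text)
    after = {(f.section, f.item): f for f in parse_mbam_log(after_text)}
    unresolved, not_rescanned = [], []
    for f in before:
        later = after.get((f.section, f.item))
        if later is None:
            not_rescanned.append(f)
        elif not later.resolved:
            unresolved.append(later)
    return {"before": len(before), "unresolved": unresolved,
            "not_rescanned": not_rescanned}


# Trimmed copies of the two logs posted in the thread (header and empty sections
# kept so the parser sees the real layout).
BEFORE_LOG = r"""Malwarebytes' Anti-Malware 1.36
Database version: 2062
Windows 5.1.2600 Service Pack 2

Registry Keys Infected: 3
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\HeroCodec (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\HeroCodecSoft (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HeroCodec (Trojan.DNSChanger) -> No action taken.

Folders Infected:
C:\Documents and Settings\Bob\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> No action taken.
C:\Program Files\HeroCodec (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\Program Files\HeroCodec\Uninstall.exe (Rogue.Installer) -> No action taken.
C:\Program Files\Pinnacle\Pinnacle Express\EReg\RegTool.exe (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bob\Start Menu\Programs\HeroCodec\Uninstall.lnk (Trojan.DNSChanger) -> No action taken.
"""

AFTER_LOG = BEFORE_LOG.replace("No action taken.", "Quarantined and deleted successfully.")

if __name__ == "__main__":
    result = verify_remediation(BEFORE_LOG, AFTER_LOG)
    print(f"{result['before']} findings in first log, "
          f"{len(result['unresolved'])} unresolved, "
          f"{len(result['not_rescanned'])} not rescanned")
```

The check is deliberately keyed on the section plus the item path rather than on the counts in the summary block: the summary in the second log above still reports "Registry Keys Infected: 3" even though everything was removed, so counts alone cannot tell a clean follow-up from an untouched one.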

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby Wi[k]! » May 1st, 2009, 4:33 pm

Hello Bob,

I will give you some advice on how to secure your computer, but after we're certain you're clean. In the meantime, do not install another anti-virus or a firewall. Running one anti-virus program is essential, but having two can cause conflicts, slow your system down and even cause stability problems without improving your security.
--------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\DNA
c:\Program Files\BitTorrent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KAZAA"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]



Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
--------------------------------------------------

Click on start > run > type in: appwiz.cpl and press enter uninstall J2SE Runtime Environment 5.0 Update 3 from the list.

Download and install the latest version of java from here
--------------------------------------------------

Do an online scan with Kaspersky's Online Scanner

  • Click on accept and updating will commence to download the latest virus definitions.
  • On the left side, under Scan click on My Computer, a scan will start.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Note: There is a tutorial Here if you need to see one.

In your next reply:

Combofix.txt
Kaspersky report
How is the computer running? Any problems?
Wi[k]!
MRU Undergrad
 
Posts: 554
Joined: August 4th, 2008, 9:49 am
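The CFScript above has three directive blocks: Folder:: names folders ComboFix should delete, Registry:: is a REGEDIT4-style fragment where "name"=- removes a value, and RegLock:: lists keys ComboFix should lock. Before handing a script like this to a user it helps to read back exactly what it will do. The following summariser is an added example in Python, not ComboFix's code nor anything from the helper; the expansion of ComboFix's HKLM\~ shorthand to SYSTEM\CurrentControlSet is an assumption (that is where the sharedaccess firewall policy keys live), and the sample script is the one from this post.

```python
"""Summarise the actions a ComboFix CFScript requests, section by section."""
import re
from dataclasses import dataclass, field

# Constructed input: the CFScript from the post above, copied verbatim.
CFSCRIPT = r"""
Folder::
c:\program files\DNA
c:\Program Files\BitTorrent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KAZAA"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
"""

SECTION_RE = re.compile(r'^([A-Za-z]+)::$')
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
HIVES = {'HKLM': 'HKEY_LOCAL_MACHINE', 'HKCU': 'HKEY_CURRENT_USER',
         'HKU': 'HKEY_USERS', 'HKCR': 'HKEY_CLASSES_ROOT'}


@dataclass
class CFScriptSummary:
    folders: list = field(default_factory=list)          # Folder:: entries
    reg_deletes: list = field(default_factory=list)      # (key, value name)
    reg_key_deletes: list = field(default_factory=list)  # [-key] lines
    reg_sets: list = field(default_factory=list)         # (key, name, data)
    reg_locks: list = field(default_factory=list)        # RegLock:: keys
    unknown: list = field(default_factory=list)          # lines not understood


def expand_key(key):
    """Expand hive abbreviations and ComboFix's 'HKLM\\~' shorthand.
    Assumption: '~' stands for SYSTEM\\CurrentControlSet, which is where the
    sharedaccess firewall policy keys actually live."""
    hive, _, rest = key.partition('\\')
    hive = HIVES.get(hive.upper(), hive)
    if rest.startswith('~\\'):
        rest = 'SYSTEM\\CurrentControlSet\\' + rest[2:]
    return hive + '\\' + rest


def parse_cfscript(text):
    summary = CFScriptSummary()
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if section == 'Folder':
            summary.folders.append(line)
        elif section == 'Registry':
            km = KEY_RE.match(line)
            if km:
                key = expand_key(km.group(2))
                if km.group(1) == '-':            # REGEDIT4 syntax: [-key] deletes the key
                    summary.reg_key_deletes.append(key)
                continue
            vm = VALUE_RE.match(line)
            if vm and key:
                name = vm.group(1).replace('\\\\', '\\')  # undo .reg backslash escaping
                if vm.group(2) == '-':             # "name"=- deletes the value
                    summary.reg_deletes.append((key, name))
                else:
                    summary.reg_sets.append((key, name, vm.group(2)))
            else:
                summary.unknown.append((section, line))
        elif section == 'RegLock':
            km = KEY_RE.match(line)
            if km:
                summary.reg_locks.append(expand_key(km.group(2)))
            else:
                summary.unknown.append((section, line))
        else:
            summary.unknown.append((section, line))
    return summary


def describe(summary):
    """Plain-English lines a helper can eyeball before handing the script over."""
    out = [f'delete folder {p}' for p in summary.folders]
    out += [f'delete key {k}' for k in summary.reg_key_deletes]
    out += [f'delete value "{n}" from {k}' for k, n in summary.reg_deletes]
    out += [f'set "{n}" in {k} to {d}' for k, n, d in summary.reg_sets]
    out += [f'lock key {k}' for k in summary.reg_locks]
    out += [f'NOT UNDERSTOOD ({s}): {l}' for s, l in summary.unknown]
    return out


if __name__ == '__main__':
    for line in describe(parse_cfscript(CFSCRIPT)):
        print(line)
```

Anything the parser files under `unknown` is a line ComboFix might interpret in a way the author did not intend, so an empty `unknown` list is the check worth making before the script goes out; the expanded firewall-policy key also makes it obvious that the Registry:: block is removing the two peer-to-peer clients from the Windows Firewall exception list, matching the folder deletions.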

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » May 2nd, 2009, 1:38 am

My computer seems to be working okay.
I’m not getting Troj/Rustok notices and when I google search there are no btmon.car results. Before I disabled Windows Defender it did an automatic scan and quarantined eight items. I uninstalled other anti-spyware/malware programs. I noticed the Kaspersky scan turned up some threats and infected items.

Thanks!
Bob



Combofix scan after CFScript drag (file was saved as text file with ANSI coding):

ComboFix 09-05-02.3 - Bob 05/01/2009 18:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.168 [GMT -4:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitTorrent
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-30 19:24 . 2009-04-30 19:24 -------- d-----w c:\documents and settings\Bob\Application Data\Malwarebytes
2009-04-30 15:16 . 2009-05-01 21:01 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-28 17:21 . 2009-05-01 20:57 -------- d-----w c:\program files\Malware Avenger
2009-04-28 16:42 . 2009-04-28 16:42 -------- d-----w c:\program files\Trend Micro
2009-04-28 15:12 . 2009-04-28 16:35 -------- d-----w c:\documents and settings\Bob\Application Data\GetRightToGo
2009-04-28 01:51 . 2007-08-02 02:47 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-28 01:32 . 2009-04-28 01:32 -------- d-----w c:\windows\Sun
2009-04-28 01:19 . 2009-04-28 01:20 -------- d-----w c:\program files\Java
2009-04-28 01:18 . 2009-04-28 01:18 -------- d-----w c:\program files\Common Files\Java
2009-04-27 21:54 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 21:54 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 21:54 . 2009-04-27 21:54 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 21:54 . 2009-04-27 21:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-26 23:45 . 2009-04-26 23:45 -------- d-----w C:\iview
2009-04-23 04:29 . 2009-04-23 04:29 -------- d-----w c:\windows\system32\Adobe
2009-04-17 12:17 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 22:22 . 2002-12-04 13:20 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-01 22:20 . 2006-06-04 06:25 366 ----a-w c:\windows\Tasks\Symantec NetDetect.job
2009-05-01 21:33 . 2003-01-03 20:23 104768 ----a-w c:\documents and settings\Bob\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 21:02 . 2003-07-27 16:02 -------- d-----w c:\program files\Lavasoft
2009-04-30 15:17 . 2009-04-30 15:17 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-28 01:42 . 2002-12-10 05:14 104768 ----a-w c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 00:24 . 2009-02-03 04:03 -------- d-----w c:\program files\Cakewalk
2009-04-27 23:47 . 2008-01-30 02:44 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-21 06:51 . 2002-12-16 16:01 -------- d-----w c:\program files\Common Files\Adobe
2009-04-18 18:07 . 2008-11-25 16:52 -------- d-----w c:\program files\McAfee
2009-03-26 07:00 . 2007-01-19 19:58 368 ----a-w c:\windows\Tasks\RegCure.job
2009-03-24 08:32 . 2009-02-03 04:21 -------- d-----w c:\program files\Native Instruments
2009-03-24 08:32 . 2009-02-03 04:22 -------- d-----w c:\program files\Common Files\Native Instruments
2009-03-19 16:29 . 2009-03-19 16:28 -------- d-----w c:\program files\Exact Audio Copy
2009-03-03 00:18 . 2004-02-06 22:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 06:00 . 2008-11-25 16:52 328 ----a-w c:\windows\Tasks\McQcTask.job
2009-02-28 16:06 . 2004-09-02 00:50 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-28 16:06 . 2004-09-02 00:50 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-15 06:00 . 2008-11-25 16:52 336 ----a-w c:\windows\Tasks\McDefragTask.job
2009-02-09 10:20 . 2009-03-15 15:51 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-06-13 03:11 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2009-03-15 15:51 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2009-03-15 15:51 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:19 . 2009-03-15 15:51 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2009-03-15 15:51 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2009-03-15 15:51 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2002-08-29 11:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2009-03-15 15:51 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2002-08-29 11:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-03 04:16 . 2009-02-03 04:16 118784 ----a-w c:\windows\dsdxirmv.exe
2009-02-03 02:57 . 2009-02-03 02:57 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-09 20:21 . 2008-12-18 22:16 94208 ----a-w c:\program files\mozilla firefox\components\blsfflock.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-30_19.08.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-30 21:40 . 2009-05-01 19:00 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2002-09-03 08:08 . 2009-05-01 19:00 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 08:08 . 2009-04-30 17:14 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2002-09-03 08:08 . 2009-05-01 19:00 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2002-09-03 08:08 . 2009-04-30 17:14 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-04-28 01:33 . 2009-05-01 21:37 3642 c:\windows\SoftwareDistribution\EventCache\{86150A9D-18A0-4B96-8923-3F12D7FD6726}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"uoltray"="c:\program files\NetZero\exec.exe" [2004-01-20 90384]
"spc_w"="c:\program files\NZSearch\hcm.exe" [2004-05-13 258114]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-29 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-25 290816]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-06-11 684032]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2002-12-21 77824]
"SysAgent"="c:\sysagent\SysAgent.exe" [2001-09-14 814592]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Auto EPSON Stylus CX4800 Series on A"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe" [2008-12-18 103760]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-28 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\SYSTEM32\Ati2mdxx.exe [2001-09-04 28672]
"DeltTray"="DeltTray.exe" - c:\windows\SYSTEM32\delttray.exe [2004-08-27 56320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-12-4 45056]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111.exe [2004-10-9 1056860]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ConMgr.exe"="c:\program files\EarthLink 5.0\conmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
R3 BWU713_A02;Blitzz Wireless G USB Controller;c:\windows\system32\DRIVERS\BWU713.sys [2004-03-02 340096]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe [2004-08-04 14336]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90e2d42a-ef82-11dc-9711-bc8ab7e11fde}]
\Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-25 18:32]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-25 18:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.merlinman.blogspot.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\jcnxm3kk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://merlinman.blogspot.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\blsfflock.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 18:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\^`ܵî =qx * *]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
Completion time: 2009-05-01 18:29
ComboFix-quarantined-files.txt 2009-05-01 22:28
ComboFix2.txt 2009-04-30 19:18

Pre-Run: 2,460,303,360 bytes free
Post-Run: 2,454,003,712 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
203 --- E O F --- 2009-05-01 21:37


Kaspersky's scan results:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 2, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 02, 2009 00:39:41
Records in database: 2118498
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 110561
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:05:19


File name / Threat name / Threats count
C:\Documents and Settings\Bob\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Sobig.e 2
C:\Program Files\Norton AntiVirus\Quarantine\64B30C40 Infected: Trojan-Downloader.JS.IstBar.s 1
C:\Qoobox\Quarantine\C\RECYCLER\S-8-9-54-100025600-100011949-100019782-8204.com.vir Infected: Trojan.Win32.Tdss.abds 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP767\A0502402.com Infected: Trojan.Win32.Tdss.abds 1
G:\RECYCLER\S-8-9-54-100025600-100011949-100019782-8204.com Infected: Trojan.Win32.Tdss.abds 1

The selected area was scanned.
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm
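Reading a Kaspersky report like the one above, the useful question is not how many hits there are but where each one sits: a copy inside C:\Qoobox\Quarantine (ComboFix's quarantine), in another product's Quarantine folder, or in a System Restore snapshot is already neutralised, while a file still live on a drive or an infected mail store needs action. The triage below is an added example in Python, not Kaspersky's or the forum's code; the classification rules are assumptions drawn from the paths in this report, and the input is the report's own finding lines.

```python
"""Triage the findings in a Kaspersky Online Scanner report by where each hit lives."""
import re
from collections import Counter

# Constructed input: the finding lines from the report above, copied verbatim.
REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Bob\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Sobig.e 2
C:\Program Files\Norton AntiVirus\Quarantine\64B30C40 Infected: Trojan-Downloader.JS.IstBar.s 1
C:\Qoobox\Quarantine\C\RECYCLER\S-8-9-54-100025600-100011949-100019782-8204.com.vir Infected: Trojan.Win32.Tdss.abds 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP767\A0502402.com Infected: Trojan.Win32.Tdss.abds 1
G:\RECYCLER\S-8-9-54-100025600-100011949-100019782-8204.com Infected: Trojan.Win32.Tdss.abds 1

The selected area was scanned.
"""

# One finding line: <path> Infected|Suspicious: <threat name> <count>
FINDING_RE = re.compile(r'^(.+?)\s+(Infected|Suspicious):\s+(\S+)\s+(\d+)$')


def classify(path):
    """Where the hit lives decides what to do about it (rules are assumptions
    drawn from the paths in this report, not Kaspersky's own categories)."""
    low = path.lower()
    if '\\qoobox\\quarantine\\' in low:
        return 'combofix_quarantine'      # already neutralised by ComboFix
    if '\\quarantine\\' in low:
        return 'av_quarantine'            # another product's quarantine store
    if '\\system volume information\\_restore' in low:
        return 'restore_point'            # System Restore snapshot copy
    if low.endswith('.dbx'):
        return 'mail_store'               # Outlook Express folder: inert, but needs cleaning
    return 'live'                         # an actual file on disk


def triage(report_text):
    findings = []
    for line in report_text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue                      # headers, blank lines, trailer
        path, status, threat, count = m.groups()
        findings.append({'path': path, 'status': status, 'threat': threat,
                         'count': int(count), 'category': classify(path),
                         'drive': path[:2].upper()})
    return findings


def needs_action(findings):
    """Hits the helper still has to deal with: live files and mail stores."""
    return [f for f in findings if f['category'] in ('live', 'mail_store')]


def locations_by_threat(findings):
    """Categories per threat name, so one sample seen in three places reads as one infection."""
    groups = {}
    for f in findings:
        groups.setdefault(f['threat'], []).append(f['category'])
    return groups


def category_counts(findings):
    return Counter(f['category'] for f in findings)


if __name__ == '__main__':
    fs = triage(REPORT)
    print(dict(category_counts(fs)))
    for f in needs_action(fs):
        print(f"{f['drive']} {f['category']:<10} {f['threat']}  {f['path']}")
```

Run on this report it reduces six "infected objects" to two items that still matter: the Outlook Express Inbox.dbx and the copy of the Tdss sample on the G: drive. The same Tdss file turns up three times (ComboFix quarantine, restore point, live on G:), which is one infection that was already removed from C: and survives only on the removable drive.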

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » May 2nd, 2009, 8:29 am

When I turned on my computer this morning it said the system had recovered from a serious error. The error report contents:
C:\DOCUME~1\Bob\LOCALS~1\Temp\WERf75f.dir00\Mini043009-01.dmp
C:\DOCUME~1\Bob\LOCALS~1\Temp\WERf75f.dir00\sysdata.xml

Thanks,
Bob
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby Wi[k]! » May 3rd, 2009, 8:00 am

Go through this inbox in Outlook (C:\Documents and Settings\Bob\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Inbox.dbx) and delete any suspicious looking e-mails.

Then empty the contents of this folder: C:\Program Files\Norton AntiVirus\Quarantine
Delete this folder on your G: drive - G:\RECYCLER

Now, for the serious error:

Download ATF Cleaner to your Desktop.
    Double-click on ATF-Cleaner.exe to start the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    Note: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    Note: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
--------------------------------------------------

Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
Wi[k]!
MRU Undergrad
 
Posts: 554
Joined: August 4th, 2008, 9:49 am

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby Dakeyras » May 3rd, 2009, 1:01 pm

Hi :)

Your current helper is unavailable at present and I will be taking over this topic if this change of situation is OK with your good self.

Any questions feel free to ask, if not please carry out the last set of instructions posted by Wi[k]! when ready, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: ''Troj/Rustok-N' messages-hijackthis log

Unread postby bobgrem » May 3rd, 2009, 2:41 pm

I followed the latest round of instructions, except I deleted inbox.dbx since I could not open it. I don't use Outlook Express, don't find the program on my computer and don't ever remember using it, although there are some more .dbx files in that folder.

The G drive is a thumb drive that I used to transfer some files from my laptop which is running slow. I guess I need to have that checked out too?

Thanks,
Bob

Here are the contents of checkhd.txt:
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
Deleting index entry 0653D3~1 in index $I30 of file 38943.
Deleting index entry SESSIO~1.JS in index $I30 of file 45084.
Deleting index entry _DOWNL~1.STA in index $I30 of file 57749.
Deleting index entry MCUIMG~1.PF in index $I30 of file 113434.

Errors found. CHKDSK cannot continue in read-only mode.
bobgrem
Regular Member
 
Posts: 37
Joined: April 28th, 2009, 12:53 pm