Posted 29 January 2009 - 03:13 PM
Hi, not very good with PCs! Basic story: bought a PC off a mate, blue screen all the time. Was on the other post being helped by BOOPME - thanks for your help. He told me to post here; the problem was this:
This problem was caused by Win32/Rustock.gen!C, a known computer virus.
Win32/Rustock.gen!C is also known by the following names:
* Win32/Vxidl.B
* Troj/Dorf-Fam
* Trojan.Peacomm
* TROJ_SMALL.EDW
This is what he said:
These are coming from malware-laden PSP or torrent downloads. The only way to clean this other than a full wipe of the drive is through our HJT team.
We need to run HJT.
Please follow this guide: go and do steps 6 and 7 of the Preparation Guide For Use Before Using Hijackthis. Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title and post that complete log.
Let me know if it went OK!
So I think I need the logs now. DDS:
DDS (Ver_09-01-19.01) - NTFSx86
Run by Swanbo at 20:02:32.78 on 29/01/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1464 [GMT 0:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: *disabled*
FW: ZoneAlarm Firewall *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Swanbo\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.ie/
mWinlogon: SFCDisable=4 (0x4)
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.5672\swg.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [F5D9050] c:\program files\belkin\f5d9050\Belkinwcui.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: WIKI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\swanbo\applic~1\mozilla\firefox\profiles\p00q247a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ie
FF - prefs.js: network.proxy.http - 212.170.156.46:80
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\swanbo\application data\mozilla\firefox\profiles\p00q247a.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlc\npvlc.dll
============= SERVICES / DRIVERS ===============
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2007-1-29 10240]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-1 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-1 27656]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-10-15 127768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-15 394952]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2008-10-9 19968]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-1 298264]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-14 47640]
R4 RVIEGVST;VSC VST Engine;c:\program files\roland\virtual sound canvas vst\RVIEg01VST.sys [2007-2-1 188276]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S1 IKFileFlt;File Filter Driver;c:\windows\system32\drivers\ikfileflt.sys --> c:\windows\system32\drivers\ikfileflt.sys [?]
S1 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys --> c:\windows\system32\drivers\ikfilesec.sys [?]
S1 IkSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys --> c:\windows\system32\drivers\iksysflt.sys [?]
S1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys --> c:\windows\system32\drivers\iksyssec.sys [?]
S3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [2007-9-10 457984]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [2007-2-1 951284]
S4 DNSCacheReader;dns cache reader;c:\windows\system32\j6231639.exe --> c:\windows\system32\j6231639.exe [?]
S4 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe --> c:\program files\spyware doctor\svcntaux.exe [?]
S4 sdCoreService;Spyware Doctor Service;c:\program files\spyware doctor\swdsvc.exe --> c:\program files\spyware doctor\swdsvc.exe [?]
=============== Created Last 30 ================
2009-01-28 18:57 <DIR> --d----- c:\docume~1\swanbo\applic~1\Malwarebytes
2009-01-28 18:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-28 18:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-28 18:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-28 18:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-27 22:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-27 22:22 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-27 22:22 <DIR> --d----- c:\docume~1\swanbo\applic~1\SUPERAntiSpyware.com
2009-01-27 21:59 <DIR> --d----- c:\documents and settings\swanbo\.housecall6.6
2009-01-25 13:59 <DIR> --d----- c:\docume~1\swanbo\applic~1\PPStream
2009-01-25 13:58 <DIR> --d----- c:\program files\360DeskSearch
2009-01-17 19:25 <DIR> --d----- c:\docume~1\swanbo\applic~1\AVS4YOU
2009-01-17 19:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-01-17 19:24 <DIR> --d----- c:\program files\common files\AVSMedia
2009-01-17 19:23 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-01-17 19:23 24,576 a------- c:\windows\system32\msxml3a.dll
2009-01-17 19:23 <DIR> --d----- c:\program files\AVS4YOU
2009-01-17 18:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
2009-01-15 22:40 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-01-15 22:40 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-01-15 21:56 <DIR> --d----- c:\documents and settings\swanbo\Phone Browser
2009-01-15 21:39 <DIR> --d----- c:\program files\common files\PCSuite
2009-01-15 21:39 <DIR> --d----- c:\program files\common files\Nokia
2009-01-15 21:39 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-01-15 21:39 <DIR> --d----- c:\program files\Nokia
2009-01-15 19:57 666,112 a------- c:\windows\system32\SET41.tmp
2009-01-15 19:57 619,520 a------- c:\windows\system32\SET42.tmp
2009-01-15 19:57 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2009-01-15 19:57 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2009-01-15 19:57 1,499,136 a------- c:\windows\system32\SET43.tmp
2009-01-15 19:57 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-15 19:57 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-15 19:57 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-15 19:56 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-15 19:56 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-15 19:56 3,067,904 a------- c:\windows\system32\SET31.tmp
2009-01-15 19:56 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-15 19:56 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-15 19:53 337,408 a------- c:\windows\system32\SET20.tmp
2009-01-15 19:53 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-01-15 19:43 <DIR> --d----- c:\windows\system32\scripting
2009-01-15 19:43 <DIR> --d----- c:\windows\system32\en
2009-01-15 19:43 <DIR> --d----- c:\windows\system32\bits
2009-01-15 19:43 <DIR> --d----- c:\windows\l2schemas
2009-01-15 19:40 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-15 19:38 <DIR> --d----- c:\windows\network diagnostic
2009-01-13 20:05 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-01-07 12:46 <DIR> --d----- c:\docume~1\swanbo\applic~1\uTorrent
==================== Find3M ====================
2009-01-29 20:02 17,278,496 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-28 21:16 234,116 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-27 21:09 8,450 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-01-27 18:43 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-27 18:43 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-15 19:45 79,431 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-08 23:29 48,396 a------- c:\windows\UninstVeetleTVPlayer.exe
2008-11-01 17:01 921,632 ac------ C:\PA7302.DAT
2008-11-01 16:41 4,212 ----h--- c:\windows\system32\zllictbl.dat
2007-07-05 15:12 140 a------- c:\docume~1\swanbo\applic~1\wklnhst.dat
2007-02-02 23:04 137,104 a------- c:\program files\INSTALL.LOG
2001-01-05 16:51 162,304 a------- c:\program files\UNWISE.EXE
============= FINISH: 20:03:23.10 ===============
There is another log - ATTACH? It says not to attach it unless directed, so I will leave it off for now. Thanks in advance.
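What a log-reading helper actually looks for in a report like this, as an added example that is not part of the original post and is not code from the DDS tool: a small Python parser over DDS-style lines (the sample lines are copied from the log above) that flags the entries usually reviewed first. The heuristics, the severities and the "machine-generated name" pattern are this example's own assumptions; a flag means "look at this", not "this is malware".

```python
"""Triage of a DDS 'Pseudo HJT Report' / services listing.

Added example, not part of the forum post and not code from the DDS tool.
It walks DDS-style log lines and flags the entries a malware-removal helper
usually reads first. The heuristics (raw-IP proxy, non-empty AppInit_DLLs,
machine-looking service binary names, orphaned BHOs, non-default SFCDisable)
are this example's own assumptions and produce review items, not verdicts.
"""
import re

# Constructed sample: lines copied from the posted DDS log. They are input
# for the parser only; nothing here proves a given file is malicious.
SAMPLE_LOG = r"""
mWinlogon: SFCDisable=4 (0x4)
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
FF - prefs.js: network.proxy.http - 212.170.156.46:80
FF - prefs.js: network.proxy.type - 1
AppInit_DLLs: WIKI.DLL
S4 DNSCacheReader;dns cache reader;c:\windows\system32\j6231639.exe --> c:\windows\system32\j6231639.exe [?]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-10-15 127768]
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
"""

# "R1 name;display name;path [date size]" as DDS prints services/drivers.
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$")
# Firefox proxy host preferences as DDS prints them from prefs.js.
PROXY_HOST_RE = re.compile(r"network\.proxy\.(?:http|ssl|socks)\s+-\s+(?P<host>\S+)")
PROXY_MANUAL_RE = re.compile(r"network\.proxy\.type\s+-\s+1\b")
# Heuristic (assumption): one letter followed by a run of digits, e.g. j6231639.exe.
RANDOM_EXE_RE = re.compile(r"[\\/][a-z]\d{5,}\.exe\b", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?$")


def triage(log_text):
    """Return a list of {'severity', 'line', 'reason'} dicts for log_text."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    manual_proxy = any(PROXY_MANUAL_RE.search(l) for l in lines)
    findings = []

    def flag(severity, line, reason):
        findings.append({"severity": severity, "line": line, "reason": reason})

    for line in lines:
        # AppInit_DLLs: every DLL named here is loaded into each process that
        # loads user32.dll, so any entry deserves a publisher check.
        if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            flag("high", line, "AppInit_DLLs is populated; verify the publisher of each DLL")
            continue

        m = PROXY_HOST_RE.search(line)
        if m and manual_proxy:
            host = m.group("host")
            sev = "high" if IPV4_RE.match(host) else "medium"
            flag(sev, line, f"Firefox uses a manual proxy ({host}); confirm the user set it")
            continue

        # SFCDisable=0 is the default (Windows File Protection enabled);
        # any other value was set by someone or something.
        if "SFCDisable=" in line and not re.search(r"SFCDisable=0\b", line):
            flag("medium", line, "SFCDisable is not the default 0; check who changed it")
            continue

        # A BHO/toolbar whose DLL is gone: leftover registry entry.
        if line.endswith("- No File"):
            flag("low", line, "orphaned browser helper entry; the DLL no longer exists")
            continue

        m = SERVICE_RE.match(line)
        if m and RANDOM_EXE_RE.search(m.group("path")):
            reason = "service binary name looks machine-generated"
            if m.group("path").endswith("[?]"):
                reason += "; DDS printed [?] for the file"
            flag("high", line, reason)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

Run it as a script to print the flagged lines, or call triage() on a full DDS log. The pattern for service binary names is deliberately narrow (one letter, five or more digits) so that ordinary driver listings such as klif.sys or avgldx86.sys do not trip it; widen it only after checking what it would catch on a clean log.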