
Infected with Troj/Rustok-N


21 replies to this topic

#1 fallenwinters

fallenwinters

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:28 AM

Posted 30 June 2009 - 08:46 AM

I'm having problems with this virus. Not really sure if that is the name of the virus. When I visited a certain site it gives that name, "Troj/Rustok-N". Whenever I start Firefox or Windows Explorer my antivirus, AVG, always pops up saying that I have a trojan virus. I keep cleaning it but it keeps popping up. And also my computer crashes and goes to "Blue Screen". Here is my DDS report. I hope you can help me out. I would really appreciate it and thanks in advance.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Mark at 6:34:39.19 on Tue 06/30/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1267 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\KbdStub.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\vVX3000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CSolidBrowserObj Object: {bd08a9d5-0e5c-4f42-99a3-c0cb5e860557} - c:\windows\system32\solidstatenetworks\solidstateion\solidax.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [<NO NAME>]
mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\multip~1.lnk - c:\program files\multiply\autouploader\multiply autouploader\Multiply AutoUploader.exe
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\shrink~1.lnk - c:\program files\shrink pic\shrink_pic.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.playwhat.com/solidPlugin/solidstateion.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 85.255.112.131,85.255.112.74
TCP: {33E963B5-8CA2-40D0-830F-C91D2059F442} = 85.255.112.131,85.255.112.74
TCP: {B62B1708-C89C-4992-9C53-DE25803DDD8E} = 85.255.112.131,85.255.112.74
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\3w5txjaj.default\

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-19 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-30 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-19 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-19 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-20 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-20 298776]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-30 348752]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]

=============== Created Last 30 ================

2009-06-30 06:05 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-30 06:05 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-30 06:05 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-30 06:05 <DIR> a-d----- c:\programdata\TEMP
2009-06-30 06:05 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-30 06:05 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-30 06:05 <DIR> --d----- c:\users\mark\appdata\roaming\PC Tools
2009-06-30 06:05 <DIR> --d----- c:\programdata\PC Tools
2009-06-30 06:05 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-30 06:05 <DIR> --d----- c:\progra~2\PC Tools
2009-06-30 06:05 506,368 a------- c:\windows\system32\msxml.dll
2009-06-25 21:58 <DIR> --d----- c:\programdata\Media Center Programs
2009-06-25 21:58 <DIR> --d----- c:\progra~2\Media Center Programs
2009-06-25 21:51 <DIR> --d----- c:\program files\Eidos
2009-06-23 08:20 <DIR> --d----- c:\program files\GRETECH
2009-06-22 23:34 <DIR> --d----- c:\users\mark\appdata\roaming\shrink_pic
2009-06-22 23:34 <DIR> --d----- c:\program files\Shrink Pic
2009-06-22 02:00 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-06-22 02:00 <DIR> --d----- c:\program files\MagicDisc
2009-06-21 22:21 <DIR> --d----- c:\users\mark\appdata\roaming\com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1
2009-06-21 22:21 <DIR> --d----- c:\program files\Multiply
2009-06-21 08:38 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-21 07:45 <DIR> --d----- c:\programdata\NOS
2009-06-20 00:10 <DIR> --d----- c:\windows\system32\SolidStateNetworks
2009-06-19 23:20 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-19 23:20 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-06-19 23:20 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-19 23:20 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-19 23:20 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-19 23:20 <DIR> --d----- c:\program files\AVG
2009-06-19 23:20 <DIR> --d----- c:\programdata\avg8
2009-06-19 23:20 <DIR> --d----- c:\progra~2\avg8
2009-06-14 00:53 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-14 00:53 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-14 00:53 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-14 00:53 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-14 00:53 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-11 12:01 <DIR> --d----- c:\program files\common files\INCA Shared
2009-06-11 12:01 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-06-11 12:01 4,682 a------- c:\windows\system32\npptNT2.sys
2009-06-11 11:50 <DIR> --d----- c:\program files\Gpotato
2009-06-09 15:17 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-09 15:17 636,928 a------- c:\windows\system32\localspl.dll
2009-06-09 15:17 1,469,440 a------- c:\windows\system32\inetcpl.cpl
2009-06-09 15:17 915,456 a------- c:\windows\system32\wininet.dll
2009-06-09 15:16 1,638,912 a------- c:\windows\system32\mshtml.tlb
2009-06-09 15:16 71,680 a------- c:\windows\system32\iesetup.dll
2009-06-09 15:16 784,896 a------- c:\windows\system32\rpcrt4.dll

==================== Find3M ====================

2009-06-22 02:00 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-22 02:00 86,016 a------- c:\windows\inf\infstor.dat
2009-06-22 02:00 51,200 a------- c:\windows\inf\infpub.dat
2009-05-17 13:34 174 a--sh--- c:\program files\desktop.ini
2009-05-17 13:31 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-17 13:25 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-17 13:09 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-05-17 13:09 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-22 07:10 269,312 a------- c:\windows\system32\es.dll
2009-04-20 09:39 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-04-20 09:39 72,704 a------- c:\windows\system32\secur32.dll
2009-04-20 09:39 9,728 a------- c:\windows\system32\lsass.exe
2009-04-20 09:39 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-04-20 09:39 24,064 a------- c:\windows\system32\amxread.dll
2009-04-20 09:39 13,824 a------- c:\windows\system32\apilogen.dll
2009-04-20 09:39 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-20 09:39 37,888 a------- c:\windows\system32\printcom.dll
2009-04-20 09:39 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-20 09:38 268,288 a------- c:\windows\system32\schannel.dll
2009-04-20 07:27 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-20 07:27 272,896 a------- c:\windows\system32\polstore.dll
2009-04-20 07:27 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-20 07:27 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-20 07:26 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-04-20 07:26 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-04-20 07:26 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-20 07:23 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-20 07:22 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-20 07:20 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-20 07:20 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-20 07:19 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-20 07:19 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-20 07:19 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-20 07:19 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-20 07:19 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-20 07:19 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-20 07:19 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-20 07:19 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-20 07:19 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-20 07:18 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-20 07:18 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-20 07:18 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-20 07:16 2,048 a------- c:\windows\system32\tzres.dll
2009-04-20 07:14 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-20 07:14 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-20 07:14 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-20 07:08 2,927,104 a------- c:\windows\explorer.exe
2009-04-20 07:04 6,585,856 a------- c:\windows\system32\NlsLexicons001b.dll
2009-04-20 07:02 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-20 07:02 988,216 a------- c:\windows\system32\winload.exe
2009-04-20 07:02 927,288 a------- c:\windows\system32\winresume.exe
2009-04-20 07:02 378,368 a------- c:\windows\system32\srcore.dll
2009-04-20 07:02 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-20 07:02 40,960 a------- c:\windows\system32\srclient.dll
2009-04-20 07:02 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-20 07:02 615,992 a------- c:\windows\system32\ci.dll
2009-04-20 07:02 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-20 07:02 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-20 07:00 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-04-20 07:00 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-04-20 07:00 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-04-20 06:52 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-20 06:52 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-20 06:52 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-20 06:52 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-20 06:52 83,968 a------- c:\windows\system32\mscories.dll
2009-04-20 06:47 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-20 06:47 98,816 a------- c:\windows\system32\mfps.dll
2009-04-20 06:47 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-20 06:47 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-20 06:47 2,048 a------- c:\windows\system32\mferror.dll
2009-04-20 06:47 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-20 06:47 94,720 a------- c:\windows\system32\logagent.exe
2009-04-20 06:46 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-20 06:46 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-20 06:46 1,645,568 a------- c:\windows\system32\connect.dll
2009-04-20 06:45 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-19 19:59 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-19 19:59 2,048 a------- c:\windows\system32\msxml6r.dll
2009-04-19 19:40 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-19 19:40 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-19 19:39 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-19 19:39 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-19 15:54 107,026 a------- c:\windows\hpqins13.dat
2009-04-19 15:47 319,456 a------- c:\windows\DIFxAPI.dll
2009-04-19 15:47 315,392 a------- c:\windows\HideWin.exe
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 6:36:24.65 ===============
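As a defender's triage aid for a DDS log like the one above, here is an added Python example; it is not part of the original post and not code from the DDS tool. It parses the "Pseudo HJT Report" section and collects the items an analyst would review first: BHO/TB entries whose DLL is missing ("No File"), Run entries with no value name, EnableLUA = 0 (UAC disabled), AppInit_DLLs, and the configured DNS resolvers, flagging any resolver that is not a private (RFC 1918) address so it can be checked against the router's or ISP's expected resolvers. The "not private" test is a review heuristic assumed for this example, not a verdict; SAMPLE_DDS is an excerpt of the log posted above, used as constructed sample input.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example: not part of the original forum post and not code from the
DDS tool. It parses the persistence and network lines DDS prints (BHO, TB,
uRun/mRun, mPolicies-system, TCP NameServer, AppInit_DLLs) and collects
the items an analyst would review first. SAMPLE_DDS below is an excerpt of
the log posted in this thread (constructed sample input for the example).
"""
import ipaddress
import re

SAMPLE_DDS = """\
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\\program files\\askbardis\\bar\\bin\\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [BitTorrent DNA] "c:\\program files\\dna\\btdna.exe"
mRun: [<NO NAME>]
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: NameServer = 85.255.112.131,85.255.112.74
TCP: {33E963B5-8CA2-40D0-830F-C91D2059F442} = 85.255.112.131,85.255.112.74
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\\users\\mark\\appdata\\roaming\\mozilla\\firefox\\profiles\\3w5txjaj.default\\
"""

# DDS section headers look like "=== Title ===" with varying run lengths.
HEADER = re.compile(r"=+ .+ =+")


def section(log, name):
    """Return the non-empty lines under the DDS header whose title contains `name`."""
    out, inside = [], False
    for line in log.splitlines():
        stripped = line.strip()
        if HEADER.fullmatch(stripped):
            inside = name in stripped
            continue
        if inside and stripped:
            out.append(stripped)
    return out


def triage(log):
    """Collect review-worthy items from the Pseudo HJT Report section."""
    f = {
        "orphaned": [],              # BHO/TB entries whose DLL is missing
        "unnamed_run": [],           # Run entries with no value name
        "uac_disabled": False,       # mPolicies-system: EnableLUA = 0
        "appinit_dlls": [],          # DLLs loaded into every user32 process
        "nameservers": [],           # every resolver DDS reports, in order
        "external_nameservers": [],  # resolvers outside private ranges (heuristic)
    }
    for line in section(log, "Pseudo HJT Report"):
        kind, _, rest = line.partition(": ")
        if kind in ("BHO", "TB") and rest.endswith("- No File"):
            f["orphaned"].append(line)
        elif kind in ("uRun", "mRun") and rest.startswith("[<NO NAME>]"):
            f["unnamed_run"].append(line)
        elif kind == "mPolicies-system" and re.match(r"EnableLUA = 0\b", rest):
            f["uac_disabled"] = True
        elif kind == "AppInit_DLLs":
            f["appinit_dlls"].extend(rest.split())
        elif kind == "TCP":
            # "NameServer = a,b" or "{interface GUID} = a,b"
            m = re.match(r"(?:NameServer|\{[0-9A-Fa-f-]+\}) = (.+)", rest)
            if m:
                for ip in (p.strip() for p in m.group(1).split(",")):
                    if ip and ip not in f["nameservers"]:
                        f["nameservers"].append(ip)
    for ip in f["nameservers"]:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an IP literal; leave it for manual review
        if not addr.is_private:
            f["external_nameservers"].append(ip)
    return f


def report(f):
    """Render the findings as short analyst-facing lines."""
    lines = []
    for item in f["orphaned"]:
        lines.append("orphaned entry (target DLL missing): " + item)
    for item in f["unnamed_run"]:
        lines.append("unnamed Run entry: " + item)
    if f["uac_disabled"]:
        lines.append("UAC is disabled (EnableLUA = 0); re-enable after cleanup")
    for dll in f["appinit_dlls"]:
        lines.append("AppInit_DLLs loads " + dll + "; confirm its publisher")
    for ip in f["external_nameservers"]:
        lines.append("resolver " + ip + " is not a private address; verify it "
                     "matches the router/ISP resolver")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_DDS))))
```

Run it against a full DDS log by replacing SAMPLE_DDS with the file contents; the parser only keys on the section header and the line prefixes DDS itself prints, so the other sections (Running Processes, Services/Drivers, Created Last 30) are ignored rather than mis-parsed.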



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:28 AM

Posted 02 July 2009 - 01:14 PM

Hello fallenwinters,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop-down box, select Windows and Multi-Language.
  • Check the box that says "Accept License Agreement", then press Continue. (Selecting Windows will give you the 32-bit version.)
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java™ SE Runtime Environment 6 Update 1
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586.exe to install the newest version.
****************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

****************


We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Disable Spyware Doctor while running Malwarebytes.

To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.


Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 fallenwinters

fallenwinters
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:28 AM

Posted 02 July 2009 - 07:54 PM

Hello SifuMike,

Thanks for replying to my post. I really appreciate it.

Okay, I followed all your steps until I installed MBAM. It seems that it won't open. After I installed it, nothing happened. Then when I opened it from my desktop, it said "MBAM has stopped working". I'm kinda lost right now on how to operate it. Do I need to install it again?

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:28 AM

Posted 02 July 2009 - 08:40 PM

Hi fallenwinters,


You forgot to post the Security Check log.


If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool.exe
Proceed installing the renamed installer of MBAM.

If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\), then rename mbam.exe to newtool.exe and double-click newtool.exe to proceed with running a Quick Scan.


* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh DDS log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Edited by SifuMike, 02 July 2009 - 08:42 PM.


#5 fallenwinters

fallenwinters
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:28 AM

Posted 02 July 2009 - 08:48 PM

Okay, here's the security check log.

Results of screen317's Security Check version 0.98.4
Windows Vista Service Pack 1
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
EPSONStylusCX7400SeriesScannerDriver Update
AVG8.5
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Spyware Doctor 6.0
Java™ 6 Update 14
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 43 seconds.
`````````End of Log```````````

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:28 AM

Posted 02 July 2009 - 08:56 PM

Thanks. :thumbup2:

#7 fallenwinters

fallenwinters
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:28 AM

Posted 02 July 2009 - 08:59 PM

MBAM worked! Thanks! I'm just waiting for the result. :thumbup2:

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:28 AM

Posted 02 July 2009 - 09:02 PM

Hi,

I thought it would. :thumbup2: Post the log when it's done.

#9 fallenwinters

fallenwinters
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:28 AM

Posted 02 July 2009 - 09:33 PM

How long does it normally take for MBAM to scan? It's been stuck at 4 min and 59 sec for about 20 mins now.

#10 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:28 AM

Posted 02 July 2009 - 09:38 PM

Did you do the Quick Scan or the Full Scan?
Full Scan will scan all the hard drives so it takes much longer (an hour max). Quick Scan should take 10 - 20 minutes max.

I bet Spyware Doctor and Windows Defender are preventing it from running. :thumbup2:

After waiting one half hour, use Task Manager to kill the running MBAM process.

Disable Spyware Doctor

To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.


To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Now try running MBAM with a Quick Scan.

Edited by SifuMike, 02 July 2009 - 09:47 PM.
typo


#11 fallenwinters

fallenwinters
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:28 AM

Posted 02 July 2009 - 09:42 PM

I selected the Quick Scan.

I uninstalled the Spyware Doctor too.

Edited by fallenwinters, 02 July 2009 - 09:43 PM.


#12 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:28 AM

Posted 02 July 2009 - 09:50 PM

You did not need to uninstall it; you could have disabled it. See my previous post.

Did you disable Windows Defender also? See my previous post on how to do that.

#13 fallenwinters

fallenwinters
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:28 AM

Posted 02 July 2009 - 09:53 PM

Yes, I disabled Windows Defender too. I uninstalled the Spyware Doctor because I just wanted to try it.

Oh, and I can't close MBAM with Task Manager.

Edited by fallenwinters, 02 July 2009 - 09:56 PM.


#14 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:28 AM

Posted 02 July 2009 - 09:56 PM

Then it should run. If MBAM runs into a problem running, it should make an error code. Let me know if you see that.

#15 fallenwinters

fallenwinters
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:28 AM

Posted 02 July 2009 - 10:01 PM

There's no error code. It's just stuck. Not responding.



