Here are the 3 logs, in this order: 1st from SUPERAntiSpyware, 2nd Malwarebytes, and 3rd HijackThis:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/29/2008 at 07:04 PM
Application Version : 4.15.1000
Core Rules Database Version : 3469
Trace Rules Database Version: 1460
Scan type : Complete Scan
Total Scan Time : 00:39:28
Memory items scanned : 184
Memory threats detected : 0
Registry items scanned : 4429
Registry threats detected : 0
File items scanned : 21705
File threats detected : 14
Rootkit.RunTime3/WinCtrl32
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP106\A0104404.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP90\A0099332.SYS
Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP106\A0104405.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP87\A0098254.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP87\A0099258.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP87\A0099272.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP90\A0099314.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP90\A0099345.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP90\A0099377.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP90\A0099390.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP92\A0099415.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP92\A0100431.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP92\A0100444.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP93\A0100474.SYS
2nd
Malwarebytes' Anti-Malware 1.18
Database version: 885
8:02:16 PM 6/29/2008
mbam-log-6-29-2008 (20-02-14).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 78255
Time elapsed: 44 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{5114BC6D-2B34-4E28-91B8-D6A61C5DAFF5}\RP106\A0104414.sys (Backdoor.Rustock) -> No action taken.
3rd
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:26, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {402b6f8f-75e3-4e28-ba63-126f48f66480} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
O2 - BHO: (no name) - {9030d464-4c02-4abf-8ecc-5164760863c6} - (no file)
O2 - BHO: (no name) - {f9112a18-3d55-4e21-8e5d-f589bd167154} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [liveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [MSIWU_1] "C:\PROGRA~1\MSI\LIVEUP~1\MSIWUPro.exe" -DEL:[C:\PROGRAM FILES\SETUP FILES\MS-6728 V3.A0\CACHE\MS-6728V3.A0.EXE]
O4 - HKLM\..\RunOnce: [MSIWU_0] "C:\PROGRA~1\MSI\LIVEUP~1\MSIWUPro.exe" -DEL:[C:\PROGRAM FILES\SETUP FILES\MS-6728 V3.A0\CACHE\MS-6728V3.A0.EXE]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191246115781
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191246203109
O16 - DPF: {8167c273-df59-4416-b647-c8bb2c7ee83e} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: coruscantsimpleactivitylogger - C:\WINDOWS\SYSTEM32\SimpleActivityLogger.dll
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: Ares Chatroom server (areschatserver) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cryptographic Services CryptSvcRasMan (CryptSvcRasMan) - Unknown owner - C:\WINDOWS\system32\acctresp.exe
O23 - Service: Intel(R) License Manager for FLEXlm (intel(r) license manager for flexlm) - Macrovision Corporation - C:\Program Files\Common Files\Intel\FLEXlm\lmgrd.intel.exe
O23 - Service: Distributed Transaction Coordinator MSDTCLmHosts (msdtclmhosts) - Unknown owner - C:\WINDOWS\system32\advapi32m.exe (file missing)
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Telnet TlntSvrTermService (tlntsvrtermservice) - Unknown owner - C:\WINDOWS\system32\actxprxy(4)f.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Management Instrumentation winmgmtAppMgmt (winmgmtappmgmt) - Unknown owner - C:\WINDOWS\system32\actxprxy(4)y.exe (file missing)
--
End of file - 8628 bytes