Possible Rustock Infection (scan logs inside)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Neilus, Mar 14, 2010.

  1. Neilus

    Neilus Private E-2

    So about a month ago now my ISP contacted me saying that my computer had been infected with a Rustock trojan, rootkit thing and that my computer was kicking out spam at an alarming rate. Having installed Wireshark I noticed that this was, indeed, the case.

    A fully updated version of ESET's NOD32 scanner appears to have stopped absolutely nothing and no scans I've attempted with other scanners have turned up with anything.

    I've noticed that my computer only kicks out spam in dribs and drabs unless I am running a BitTorrent client (I've tried several), in which case it starts transmitting like crazy (even with no actual torrents running in the client).

    Hopefully this helps. You guys are pretty much my last resort... :)
     

    Attached Files:

  2. Neilus

    Neilus Private E-2

    More logs.
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Nothing is showing in your logs, so you need to find and delete any infected emails yourself.

    Malware detected in email databases has to be cleaned up by you. You have a few choices:

    1. delete the whole file which is not an option you normally want to use
    2. load the email folder that contains the infection and delete ALL unnecessary emails (hoping to remove the problem email) and then use the Mailbox Cleanup option to delete all old emails. Then compact the Outlook database to permanently remove data. See http://support.microsoft.com/kb/196990 If you do not clean up and compact the databases, the deleted emails may still be leaving hidden information in the database that you just cannot see but a scanner may still pick up on it.
    3. create a new folder and move only emails you really need into the new folder and then delete the infected folder.
     
  4. Neilus

    Neilus Private E-2

    So here's some more info. I don't use Outlook or any other email client with any of my computers. I always use Firefox and Hotmail for all my email, so to my knowledge no emails are stored locally.

    The infection has spread to a secondary laptop as well (Wireshark has picked up spam on that machine too). I've noticed that on both my desktop HDD and my external HDD there's a hidden folder called "System Volume Information" in the root directory (probably supposed to be there, I'm not sure) which cannot be edited, deleted or opened. Upon attempting to do so, I get an error message that reads "C:\System Volume Information is not accessible. Access is denied." The laptop appears to have no such folder.

    However, after attempting to do a Low Level Format on my External HDD (using this http://hddguru.com/content/en/software/2006.04.12-HDD-Low-Level-Format-Tool/) I got a notification in my taskbar telling me there were errors in the System Volume Information directory on the drive (supposedly after it had just had a zero-fill format).

    Would any further scans or Wireshark logs help? I'm hoping that a solution exists that doesn't involve me simply wiping all my HDDs and starting over.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your system volume information folders are your restore points. The only way to remove them is to toggle system restore.

    After you toggle your system restore, run your scans and tell me exactly what is reported ( a log if it creates one).
     
  6. Neilus

    Neilus Private E-2

    System Restore has been turned off (annoying how ComboFix turns it on every time it runs) but I still don't have access to my System Volume Information folder.

    Having turned System Restore off, I ran all the scanners in the Malware Removal Guide. Here are the logs.


    Would it be at all helpful if I scanned the laptop and posted logs from that as well?
     

    Attached Files:

  7. Neilus

    Neilus Private E-2

    More logs.
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    There is no malware showing in your logs. You can use windows explorer to find and delete:
    C:\WINDOWS\system32\-1.

    You can not access the system restore folders.

    What malware issues are you having?
     
  9. Neilus

    Neilus Private E-2

    The computer itself appears to be running fine, however my ISP (TPG Australia) is under the distinct impression that it's sending out spam emails on a daily basis. They say that it's a Rustock Trojan, but seeing as they're extremely unhelpful and nobody's actually been able to identify the problem, I'm taking their word on it.

    I was told to run Wireshark (not by my ISP) to see what was going on with my network traffic, and after getting it to show only traffic going through port 25 and ICMP (filter string looks like this: tcp.port eq 25 or icmp) I see just over half a dozen packets being sent a day. However, if I attempt to use any BitTorrent client (uTorrent, Vuze etc.) the floodgates open and I get several pages of results in only a few minutes.


    C:\WINDOWS\system32\-1 has been deleted and System Restore is off but still no luck. Wireshark is still going nuts.

    Would Wireshark logs (hopefully) explaining this network traffic help in diagnosing the problem?
     
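    A way to turn the port-25-plus-ICMP view described in the post above into something countable, as an added example that is not part of the original thread. It assumes the capture has been exported with tshark's field output (the field names ip.src, ip.dst, tcp.dstport and icmp.type are real tshark display-filter fields; the export command, the sample lines, the local subnet and the fan-out threshold are all constructed for this example). The point it makes is the one a practitioner wants here: a normal mail client talks to a single smarthost, while a spambot fans out to many distinct SMTP destinations, and ICMP unreachables arriving during BitTorrent activity carry a quoted TCP header that must not be mistaken for SMTP traffic.

```python
"""Summarise outbound SMTP and inbound ICMP per local host from a tshark field export.

Assumed export command (constructed for this example; field names are genuine tshark fields):
  tshark -r capture.pcap -T fields -E separator=/t -E occurrence=f \
         -e ip.src -e ip.dst -e tcp.dstport -e icmp.type
occurrence=f matters: an ICMP unreachable quotes the original IP/TCP header, so without it
ip.src/ip.dst print two comma-separated values and tcp.dstport is filled from the quoted header.
"""
from collections import defaultdict
import ipaddress

# Constructed sample export, not real capture data.
# 192.168.1.10 fans out to five SMTP servers and receives ICMP type 3 (unreachable)
# while also talking to a BitTorrent peer; 192.168.1.20 only uses one smarthost.
SAMPLE_EXPORT = """\
192.168.1.10\t203.0.113.25\t25\t
192.168.1.10\t198.51.100.7\t25\t
192.168.1.10\t198.51.100.8\t25\t
192.168.1.10\t192.0.2.44\t25\t
192.168.1.10\t192.0.2.45\t25\t
192.168.1.10\t203.0.113.99\t6881\t
198.51.100.200\t192.168.1.10\t6881\t3
198.51.100.201\t192.168.1.10\t\t3
192.168.1.20\t203.0.113.25\t25\t
192.168.1.20\t203.0.113.25\t25\t
192.168.1.20\t203.0.113.25\t587\t
"""


def parse_export(text):
    """Yield (src, dst, tcp_dstport or None, icmp_type or None) per non-empty line."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        parts += [""] * (4 - len(parts))          # tolerate trailing empty fields
        src, dst, dport, icmp_type = parts[:4]
        # Defensive: if occurrence=f was forgotten, keep only the outer header's address.
        src, dst = src.split(",")[0], dst.split(",")[0]
        records.append((src, dst,
                        int(dport) if dport else None,
                        int(icmp_type) if icmp_type else None))
    return records


def summarize(text, local_net="192.168.1.0/24", fanout_threshold=3):
    """Per local host: SMTP connection count, distinct SMTP destinations, ICMP received, verdict.

    fanout_threshold is a hypothetical tuning value: a host that opens SMTP sessions to at
    least this many distinct servers is behaving like a direct-to-MX spambot, not a mail client.
    """
    net = ipaddress.ip_network(local_net)
    smtp_dsts = defaultdict(set)
    smtp_count = defaultdict(int)
    icmp_in = defaultdict(int)
    for src, dst, dport, icmp_type in parse_export(text):
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue                               # non-IP frame, skip
        if icmp_type is not None:
            # ICMP first: its quoted TCP header may show dstport 25 but it is not SMTP traffic.
            if d in net:
                icmp_in[dst] += 1
            continue
        if s in net and dport == 25:
            smtp_dsts[src].add(dst)
            smtp_count[src] += 1
    result = {}
    for host in set(smtp_dsts) | set(icmp_in):
        distinct = len(smtp_dsts[host])
        result[host] = {
            "smtp_connections": smtp_count[host],
            "distinct_smtp_destinations": distinct,
            "icmp_received": icmp_in[host],
            "verdict": "suspect: SMTP fan-out" if distinct >= fanout_threshold else "ok",
        }
    return result


if __name__ == "__main__":
    for host, info in sorted(summarize(SAMPLE_EXPORT).items()):
        print(host, info)
```

    On the constructed data, 192.168.1.10 is flagged (five distinct SMTP destinations, two ICMP unreachables counted separately) and 192.168.1.20 is not, because all of its port-25 sessions go to the same server. Run against a real export, the distinct-destination count is the figure worth comparing against the ISP's complaint, since a BitTorrent client on its own raises the ICMP column but not the SMTP one.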
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Opening uTorrent will result in a flood whether you are infected or not. I don't know if the Wireshark log will help or not, but I will look at it.

    Did you ever remove all your suspect emails? Did you create a new folder for emails and delete the old one?
     
