Geeks To Go forums
think my computer is infected with a bot


#1 dillpickle2 (New Member, 2 posts)
Hi, I really appreciate the help. I'm on a university campus network, and the system administrator has been complaining that they've detected some kind of bot infection on my machines. This is what they included in their email:

All times are -0000 (UTC)

IP Address Timestamp
----------------------------------------
128.12.155.6 2009-03-13.01:38:25-0000 SrcPort:TCP/17835 MalwareType:Torpig
128.12.190.51 2009-03-12.11:42:12-0000 SrcPort:TCP/1624 MalwareType:Torpig
128.12.52.106 2009-03-13.01:26:38-0000 SrcPort:TCP/38028 MalwareType:Torpig

So I'm not absolutely sure I have malware, but I have noticed a slowdown in my computer and I can't put it in standby. I have Sophos Anti-Virus and it doesn't detect anything when I do a full scan. The log does give me this, though:

20090314 061727 Scanning "C:\Documents and Settings\Andy\Local Settings\Temp\etilqs_qXyePs2wpewj9Hw" returned SAV Interface error 0xa0040210: The file could not be accessed.
20090314 061727 Scanning "C:\Documents and Settings\Andy\Local Settings\Temp\etilqs_ZYzegXkxF9ecSnZ" returned SAV Interface error 0xa0040210: The file could not be accessed.
20090314 062154 Scanning "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll" returned SAV Interface error 0xa0040210: The file could not be accessed.
20090314 063627 Scanning "C:\WINDOWS\system32\drivers\sptd.sys" returned SAV Interface error 0xa0040210: The file could not be accessed.
20090314 063703 Scanning "C:\WINDOWS\Temp\hsperfdata_SYSTEM\1492" returned SAV Interface error 0xa0040210: The file could not be accessed.


I followed the steps in the malware cleaning guide: ran ATF-Cleaner, Windows Update, and Malwarebytes.

**************************Malwarebytes log:**************************

Malwarebytes' Anti-Malware 1.34
Database version: 1848
Windows 5.1.2600 Service Pack 3

3/14/2009 2:08:45 AM
mbam-log-2009-03-14 (02-08-45).txt

Scan type: Quick Scan
Objects scanned: 66079
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



*******************************Here is my Rooter log:****************************

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:49999 Mo/Free:2325 Mo)
D:\ [Fixed] - NTFS - (Total:426930 Mo/Free:761 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sat 03/14/2009| 2:09

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\WINDOWS\system32\CTsvcCDA.exe
---------- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\PnkBstrA.exe
---------- C:\WINDOWS\system32\PnkBstrB.exe
---------- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
---------- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
---------- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
---------- C:\Program Files\ASUS\Ai Gear\GearHelp.exe
---------- C:\Program Files\ASUS\Ai Nap\AiNap.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
---------- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\WINDOWS\system32\CTHELPER.EXE
---------- C:\WINDOWS\system32\CTXFIHLP.EXE
---------- C:\WINDOWS\system32\taskswitch.exe
---------- C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
---------- D:\Program Files\iTunes\iTunesHelper.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
---------- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
---------- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
---------- C:\Program Files\OpenOffice.org 3\program\soffice.exe
---------- C:\Program Files\OpenOffice.org 3\program\soffice.bin
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\WINDOWS\system32\notepad.exe
---------- C:\WINDOWS\system32\NOTEPAD.EXE
---------- C:\Documents and Settings\Andy\My Documents\Downloads\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 03/14/2009| 1:13
2 - "C:\Rooter$\Rooter_2.txt" - Sat 03/14/2009| 1:14
3 - "C:\Rooter$\Rooter_3.txt" - Sat 03/14/2009| 2:10

----------------------\\ Scan completed at 2:10




****************************Here is my OTListIt2 log*************************************

OTListIt logfile created on: 3/14/2009 2:12:15 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.3.6 Folder = C:\Documents and Settings\Andy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.17% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 14.27 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
Drive D: | 416.92 Gb Total Space | 264.74 Gb Free Space | 63.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDY-DESKTOP
Current User Name: Andy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: Off

========== Processes (SafeList) ==========

PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
PRC - C:\Program Files\ASUS\Ai Gear\GearHelp.exe ()
PRC - C:\Program Files\ASUS\Ai Nap\AiNap.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\taskswitch.exe ()
PRC - C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Andy\My Documents\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (CTAudSvcService [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (matlabserver [Auto | Stopped]) -- D:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe ()
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (PnkBstrB [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (SandraDataSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe (SiSoftware)
SRV - (SandraTheSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe (SiSoftware)
SRV - (SAVAdminService [Unknown | Running]) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (SAVService [Unknown | Running]) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (Sophos AutoUpdate Service [Auto | Running]) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADIDTSFiltService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\adidts.sys (Analog Devices, Inc.)
DRV - (ADIHdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\AEAudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (AsIO [System | Running]) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (COMMONFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (CTAUDFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPSY.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (CTSBLFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ENTECH [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys (EnTech Taiwan)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ha20x2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (HDAudBus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PnkBstrK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTLWUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (SAVOnAccessControl [System | Running]) -- C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys (Sophos Plc)
DRV - (SAVOnAccessFilter [System | Running]) -- C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys (Sophos Plc)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SI3132 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc)
DRV - (SiFilter [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc)
DRV - (SiRemFil [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc)
DRV - (SjyPkt [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SjyPkt.sys (Windows ® 2000 DDK provider)
DRV - (SophosBootDriver [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys (Sophos Plc)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/03/14 01:03:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\logs
[2009/03/14 01:00:15 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/14 00:57:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Malwarebytes
[2009/03/14 00:57:22 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/14 00:57:22 | 00,000,562 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 00:57:20 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/14 00:57:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/14 00:56:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/14 00:56:09 | 00,000,511 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\NTREGOPT.lnk
[2009/03/14 00:56:09 | 00,000,498 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\ERUNT.lnk
[2009/03/14 00:23:37 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\HijackThis.lnk
[2009/03/14 00:09:05 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Andy\Desktop\ATF-Cleaner.exe
[2009/03/13 23:03:52 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/13 22:13:22 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/03/13 21:50:55 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/13 21:50:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/04 01:18:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV9483836.TMP
[2009/02/26 03:45:26 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/02/25 12:16:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/02/19 01:46:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

========== Files - Modified Within 30 Days ==========

[177 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/03/14 01:09:23 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/14 01:08:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/14 01:08:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/14 01:07:55 | 00,055,300 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2009/03/14 01:07:55 | 00,055,300 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2009/03/14 01:07:55 | 00,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2009/03/14 00:57:22 | 00,000,562 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 00:56:09 | 00,000,511 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\NTREGOPT.lnk
[2009/03/14 00:56:09 | 00,000,498 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\ERUNT.lnk
[2009/03/14 00:23:37 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\HijackThis.lnk
[2009/03/14 00:09:05 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Andy\Desktop\ATF-Cleaner.exe
[2009/03/13 23:04:07 | 00,000,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/03/13 22:13:37 | 00,000,640 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/13 21:50:55 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/13 21:16:02 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1677128483-682003330-1003.job
[2009/03/13 16:51:22 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/11 01:09:25 | 01,473,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 00:00:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/08 13:09:52 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 13:09:52 | 00,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 13:09:52 | 00,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/06 03:20:12 | 00,000,285 | ---- | M] () -- C:\WINDOWS\matlab.ini
[2009/03/04 12:08:19 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/03/02 23:34:54 | 00,143,360 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/02 05:32:56 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/02/26 03:45:07 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/25 12:27:24 | 00,000,439 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Andy\My Documents\Thumbs.db:encryptable
< End of report >
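The logs in the post above contain enough structure to do a first triage pass by script rather than by eye. The Python below is an added example written for this page; it is not code from the poster, from OTListIt2 or from Sophos. It parses the OTL PRC/SRV/DRV lines and the Sophos "could not be accessed" lines (an excerpt of each, copied from the post, is embedded as sample input), then lists loaded images that carry no CompanyName version resource, the Boot/System-start drivers among them, and running images the on-demand scanner could not open. The regexes, the field names and the assumption that paths contain no parentheses are mine, based on the OTL "Minimal" output format shown in the post.

```python
# Added triage helper for the OTListIt2 and Sophos log excerpts in the post.
# Example code written for this page, not from the poster, OTListIt2 or Sophos.
# Assumes the OTL "Minimal" format shown above and paths without parentheses
# (true on this 32-bit XP box; "Program Files (x86)" would need a wider match).
import re

# "PRC - <path> (<company>)"  or
# "SRV/DRV - (<name> [<start> | <state>]) -- <path> (<company>)"
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:\((?P<name>[^\[]+?) \[(?P<start>[^|]+?) \| (?P<state>[^\]]+?)\]\) -- )?"
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$"
)

# Sophos on-demand log: '<yyyymmdd> <hhmmss> Scanning "<path>" returned <error>'
SAV_LINE = re.compile(
    r'^(?P<date>\d{8}) (?P<time>\d{6}) Scanning "(?P<path>[^"]+)" returned (?P<error>.+)$'
)

# Drivers with these start types load before any user-mode security software.
EARLY_START = {"boot", "system"}


def parse_otl(text):
    """Return one dict per PRC/SRV/DRV line; every other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["key"] = e["path"].lower()  # NTFS paths are case-insensitive
            entries.append(e)
    return entries


def parse_sav_errors(text):
    """Map lowercased path -> error text for every file Sophos could not scan."""
    errors = {}
    for line in text.splitlines():
        m = SAV_LINE.match(line.strip())
        if m:
            errors[m.group("path").lower()] = m.group("error")
    return errors


def triage(otl_text, sav_text):
    """Cross-reference the two logs and return what deserves a second look.

    no_publisher       : loaded images with an empty CompanyName field
    early_no_publisher : the subset that are Boot/System-start drivers
    av_blocked_loaded  : running images the on-demand scanner could not open
    None of this is proof of malware; it is the list a human should verify
    (hash, signature, install date) before anything gets deleted.
    """
    entries = parse_otl(otl_text)
    av_errors = parse_sav_errors(sav_text)

    def running(e):
        return e["kind"] == "PRC" or (e["state"] or "").lower() == "running"

    no_publisher = {e["path"] for e in entries if not e["company"].strip()}
    early_no_publisher = {
        e["path"] for e in entries
        if e["kind"] == "DRV" and not e["company"].strip()
        and (e["start"] or "").lower() in EARLY_START
    }
    av_blocked_loaded = {e["path"] for e in entries if e["key"] in av_errors and running(e)}

    def by_name(paths):
        return sorted(paths, key=str.lower)

    return {
        "no_publisher": by_name(no_publisher),
        "early_no_publisher": by_name(early_no_publisher),
        "av_blocked_loaded": by_name(av_blocked_loaded),
    }


# Excerpts of the OTListIt2 and Sophos lines quoted in the post (not full logs).
OTL_SAMPLE = r"""
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
DRV - (AsIO [System | Running]) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (PnkBstrK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
"""

SAV_SAMPLE = r"""
20090314 062154 Scanning "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll" returned SAV Interface error 0xa0040210: The file could not be accessed.
20090314 063627 Scanning "C:\WINDOWS\system32\drivers\sptd.sys" returned SAV Interface error 0xa0040210: The file could not be accessed.
"""

if __name__ == "__main__":
    for label, paths in triage(OTL_SAMPLE, SAV_SAMPLE).items():
        print(label + ":")
        for p in paths:
            print("    " + p)
```

On the excerpt the script flags sptd.sys on all three counts. That is expected noise rather than a finding: sptd.sys is the SCSI pass-through driver installed by DAEMON Tools and Alcohol 120%, it loads at boot, and it routinely refuses scanners access to its own file, which is why anti-rootkit tools ask for it to be disabled before they run. The PunkBuster, ASUS and Symantec entries simply ship without a CompanyName resource. What no file-level triage can settle is the point the sysadmin's notice raises: Torpig is installed by the Mebroot MBR rootkit, and neither a Malwarebytes quick scan nor an on-demand file scan looks at the master boot record, so clean results here do not clear the machine. Checking the MBR against a known-good copy, or scanning after booting from clean media, is the step that actually answers the notice.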


#2 dillpickle2 (Topic Starter)
I installed kaspersky antivirus and it removed a trojan. I believe the problem is solved. Thanks anyway.