All times are -0000 (UTC)
IP Address      Timestamp                   SrcPort          MalwareType
------------------------------------------------------------------------
128.12.155.6 2009-03-13.01:38:25-0000 SrcPort:TCP/17835 MalwareType:Torpig
128.12.190.51 2009-03-12.11:42:12-0000 SrcPort:TCP/1624 MalwareType:Torpig
128.12.52.106 2009-03-13.01:26:38-0000 SrcPort:TCP/38028 MalwareType:Torpig
So I'm not absolutely sure I have malware, but I have noticed a slowdown in my computer and I can't put it in standby. I have Sophos antivirus and it doesn't detect anything when I do a full scan. The log does give me this, though:
20090314 061727 Scanning "C:\Documents and Settings\Andy\Local Settings\Temp\etilqs_qXyePs2wpewj9Hw" returned SAV Interface error 0xa0040210: The file could not be accessed.
20090314 061727 Scanning "C:\Documents and Settings\Andy\Local Settings\Temp\etilqs_ZYzegXkxF9ecSnZ" returned SAV Interface error 0xa0040210: The file could not be accessed.
20090314 062154 Scanning "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll" returned SAV Interface error 0xa0040210: The file could not be accessed.
20090314 063627 Scanning "C:\WINDOWS\system32\drivers\sptd.sys" returned SAV Interface error 0xa0040210: The file could not be accessed.
20090314 063703 Scanning "C:\WINDOWS\Temp\hsperfdata_SYSTEM\1492" returned SAV Interface error 0xa0040210: The file could not be accessed.
I followed the steps in the malware cleaning guide, ran ATF Cleaner, Windows Update, and Malwarebytes.
**************************Malwarebytes log:**************************
Malwarebytes' Anti-Malware 1.34
Database version: 1848
Windows 5.1.2600 Service Pack 3
3/14/2009 2:08:45 AM
mbam-log-2009-03-14 (02-08-45).txt
Scan type: Quick Scan
Objects scanned: 66079
Time elapsed: 3 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
*******************************Here is my Rooter log:****************************
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:49999 Mo/Free:2325 Mo)
D:\ [Fixed] - NTFS - (Total:426930 Mo/Free:761 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Sat 03/14/2009| 2:09
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\WINDOWS\system32\CTsvcCDA.exe
---------- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\PnkBstrA.exe
---------- C:\WINDOWS\system32\PnkBstrB.exe
---------- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
---------- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
---------- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
---------- C:\Program Files\ASUS\Ai Gear\GearHelp.exe
---------- C:\Program Files\ASUS\Ai Nap\AiNap.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
---------- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\WINDOWS\system32\CTHELPER.EXE
---------- C:\WINDOWS\system32\CTXFIHLP.EXE
---------- C:\WINDOWS\system32\taskswitch.exe
---------- C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
---------- D:\Program Files\iTunes\iTunesHelper.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
---------- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
---------- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
---------- C:\Program Files\OpenOffice.org 3\program\soffice.exe
---------- C:\Program Files\OpenOffice.org 3\program\soffice.bin
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\WINDOWS\system32\notepad.exe
---------- C:\WINDOWS\system32\NOTEPAD.EXE
---------- C:\Documents and Settings\Andy\My Documents\Downloads\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Sat 03/14/2009| 1:13
2 - "C:\Rooter$\Rooter_2.txt" - Sat 03/14/2009| 1:14
3 - "C:\Rooter$\Rooter_3.txt" - Sat 03/14/2009| 2:10
----------------------\\ Scan completed at 2:10
****************************Here is my OTListIt2 log*************************************
OTListIt logfile created on: 3/14/2009 2:12:15 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.3.6 Folder = C:\Documents and Settings\Andy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.17% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 14.27 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
Drive D: | 416.92 Gb Total Space | 264.74 Gb Free Space | 63.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANDY-DESKTOP
Current User Name: Andy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: Off
========== Processes (SafeList) ==========
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
PRC - C:\Program Files\ASUS\Ai Gear\GearHelp.exe ()
PRC - C:\Program Files\ASUS\Ai Nap\AiNap.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\taskswitch.exe ()
PRC - C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Andy\My Documents\Downloads\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (CTAudSvcService [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (matlabserver [Auto | Stopped]) -- D:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe ()
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (PnkBstrB [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (SandraDataSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe (SiSoftware)
SRV - (SandraTheSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe (SiSoftware)
SRV - (SAVAdminService [Unknown | Running]) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (SAVService [Unknown | Running]) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (Sophos AutoUpdate Service [Auto | Running]) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (ADIDTSFiltService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\adidts.sys (Analog Devices, Inc.)
DRV - (ADIHdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\AEAudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (AsIO [System | Running]) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (COMMONFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (CTAUDFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPSY.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEXFIFX.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL [On_Demand | Running]) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (CTSBLFX.DLL [On_Demand | Stopped]) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ENTECH [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys (EnTech Taiwan)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ha20x2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (HDAudBus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PnkBstrK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTLWUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (SAVOnAccessControl [System | Running]) -- C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys (Sophos Plc)
DRV - (SAVOnAccessFilter [System | Running]) -- C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys (Sophos Plc)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SI3132 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc)
DRV - (SiFilter [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc)
DRV - (SiRemFil [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc)
DRV - (SjyPkt [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SjyPkt.sys (Windows ® 2000 DDK provider)
DRV - (SophosBootDriver [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys (Sophos Plc)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
========== Files/Folders - Created Within 30 Days ==========
[9 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/03/14 01:03:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\logs
[2009/03/14 01:00:15 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/14 00:57:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Malwarebytes
[2009/03/14 00:57:22 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/14 00:57:22 | 00,000,562 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 00:57:20 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/14 00:57:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/14 00:56:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/14 00:56:09 | 00,000,511 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\NTREGOPT.lnk
[2009/03/14 00:56:09 | 00,000,498 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\ERUNT.lnk
[2009/03/14 00:23:37 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\HijackThis.lnk
[2009/03/14 00:09:05 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Andy\Desktop\ATF-Cleaner.exe
[2009/03/13 23:03:52 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/13 22:13:22 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/03/13 21:50:55 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/13 21:50:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/04 01:18:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV9483836.TMP
[2009/02/26 03:45:26 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/02/25 12:16:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/02/19 01:46:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
========== Files - Modified Within 30 Days ==========
[177 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/03/14 01:09:23 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/14 01:08:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/14 01:08:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/14 01:07:55 | 00,055,300 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2009/03/14 01:07:55 | 00,055,300 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2009/03/14 01:07:55 | 00,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2009/03/14 00:57:22 | 00,000,562 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 00:56:09 | 00,000,511 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\NTREGOPT.lnk
[2009/03/14 00:56:09 | 00,000,498 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\ERUNT.lnk
[2009/03/14 00:23:37 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\HijackThis.lnk
[2009/03/14 00:09:05 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Andy\Desktop\ATF-Cleaner.exe
[2009/03/13 23:04:07 | 00,000,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/03/13 22:13:37 | 00,000,640 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/13 21:50:55 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/13 21:16:02 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1677128483-682003330-1003.job
[2009/03/13 16:51:22 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/11 01:09:25 | 01,473,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 00:00:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/08 13:09:52 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 13:09:52 | 00,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 13:09:52 | 00,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/06 03:20:12 | 00,000,285 | ---- | M] () -- C:\WINDOWS\matlab.ini
[2009/03/04 12:08:19 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/03/02 23:34:54 | 00,143,360 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/02 05:32:56 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/02/26 03:45:07 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/25 12:27:24 | 00,000,439 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
========== Alternate Data Streams ==========
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Andy\My Documents\Thumbs.db:encryptable
< End of report >
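The three logs in this post (the Sophos scan log, the OTListIt2 driver list and its 30-day file list) are what a responder would normally cross-reference before deciding what to look at first. The script below is an added example, not code from the post or from Sophos, Malwarebytes or OldTimer's tools: it parses those three line formats and pulls out the entries an analyst usually checks first, namely running kernel drivers with an empty vendor string, driver binaries created inside the 30-day window, and files the on-access scanner could not open that are also registered as drivers. The sample lines are constructed from the kinds of entries shown above, and the function names are the example's own. A hit on these lists is a starting point, not a verdict: legitimate copy-protection and disk-emulation drivers produce exactly the same pattern.

```python
"""Triage helpers for Sophos SAV and OTListIt2 log lines (added example)."""
import re
from typing import Dict, List, NamedTuple

# --- constructed sample input, copied from the entry shapes in the post ---
OTL_DRV_LINES = r"""
DRV - (AsIO [System | Running]) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SAVOnAccessFilter [System | Running]) -- C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys (Sophos Plc)
DRV - (PnkBstrK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
"""
OTL_FILE_LINES = r"""
[2009/03/14 00:57:22 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/26 03:45:26 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/03/13 23:03:52 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/03/14 00:09:05 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Andy\Desktop\ATF-Cleaner.exe
"""
SAV_LINES = r"""
20090314 063627 Scanning "C:\WINDOWS\system32\drivers\sptd.sys" returned SAV Interface error 0xa0040210: The file could not be accessed.
20090314 063703 Scanning "C:\WINDOWS\Temp\hsperfdata_SYSTEM\1492" returned SAV Interface error 0xa0040210: The file could not be accessed.
"""


class Driver(NamedTuple):
    name: str
    start: str      # Boot / System / Auto / On_Demand / Disabled
    state: str      # Running / Stopped
    path: str
    company: str    # "" when OTL printed "()"


class FileEntry(NamedTuple):
    timestamp: str
    size: int
    attrs: str
    company: str    # "" for directories and for files with no version info
    path: str


# OTL "DRV - (name [start | state]) -- path (company)"
DRV_RE = re.compile(
    r'^DRV - \((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\) -- '
    r'(?P<path>.+?) \((?P<company>[^)]*)\)$')
# OTL "[ts | size | attrs | C|M] (company) -- path"; company is absent for folders
FILE_RE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[A-Z-]{4}) \| [CM]\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$')
# Sophos SAV log line for a file the scanner could not open
SAV_RE = re.compile(
    r'^(?P<date>\d{8}) (?P<time>\d{6}) Scanning "(?P<path>[^"]+)" returned '
    r'SAV Interface error (?P<code>0x[0-9a-fA-F]+): (?P<msg>.*)$')


def parse_drivers(text: str) -> List[Driver]:
    out = []
    for line in text.splitlines():
        m = DRV_RE.match(line.strip())
        if m:
            out.append(Driver(m['name'], m['start'], m['state'], m['path'], m['company']))
    return out


def parse_files(text: str) -> List[FileEntry]:
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            out.append(FileEntry(m['ts'], int(m['size'].replace(',', '')),
                                 m['attrs'], m['company'] or '', m['path']))
    return out


def parse_sav_errors(text: str) -> Dict[str, str]:
    """Map each path Sophos could not open to the error code it reported."""
    return {m['path']: m['code']
            for m in (SAV_RE.match(l.strip()) for l in text.splitlines()) if m}


def _norm(path: str) -> str:
    # Windows paths compare case-insensitively; OTL mixes System32/system32.
    return path.replace('/', '\\').casefold()


def triage(drv_text: str, file_text: str, sav_text: str) -> Dict[str, list]:
    drivers = parse_drivers(drv_text)
    files = parse_files(file_text)
    locked = parse_sav_errors(sav_text)
    # 1. Loaded kernel drivers whose binary carries no vendor string.
    no_vendor_running = [d.name for d in drivers if not d.company and d.state == 'Running']
    # 2. Driver binaries that appeared inside the log's 30-day window.
    new_driver_files = [f.path for f in files
                        if '\\drivers\\' in _norm(f.path) and f.path.lower().endswith('.sys')]
    # 3. Files the AV could not read that are also registered as drivers.
    by_path = {_norm(d.path): d.name for d in drivers}
    locked_drivers = [by_path[_norm(p)] for p in locked if _norm(p) in by_path]
    return {'no_vendor_running': no_vendor_running,
            'new_driver_files': new_driver_files,
            'locked_drivers': locked_drivers}


if __name__ == '__main__':
    for key, val in triage(OTL_DRV_LINES, OTL_FILE_LINES, SAV_LINES).items():
        print(f'{key}: {val}')
```

Run against the constructed sample, the three lists come back as the loaded no-vendor drivers, the two new driver binaries, and the single driver the scanner could not read; against the full logs in the post you would paste the relevant OTL and Sophos sections into the three strings. The `locked_drivers` cross-reference is the useful one: a scan error on a file that is also a running boot-start driver explains both why the AV reports nothing and why that file is the one to hash and check first.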