Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

cant run GMER rootkit test


  • Please log in to reply

#1
captainkill

captainkill

    Member

  • Member
  • PipPip
  • 19 posts
Hi I noticed my computer was a little slower so I did some virus tests and found some and they were removed. I was doing the GMER rootkit test and it never finishes. In the middle of it, the screen goes blue and an error appears that says Driver_IRQL_NOT_LESS_or_Equal. I was wondering if I had any rootkit problems or any other viruses still present.

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3574
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/12/2010 1:33:53 AM
mbam-log-2010-02-12 (01-33-53).txt

Scan type: Quick Scan
Objects scanned: 150802
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here's the OTL log:

OTL logfile created on: 2/12/2010 2:22:57 AM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Steven\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.70 Gb Total Space | 7.06 Gb Free Space | 6.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVEN-D6FEFAC2
Current User Name: Steven
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/03 11:07:25 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/03 11:07:19 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/03 11:07:19 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/03 11:07:15 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/03 11:07:10 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/03 11:07:09 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/03 11:07:05 | 000,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/02 02:19:15 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven\My Documents\OTL.exe
PRC - [2010/01/24 13:47:53 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/18 23:45:07 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/15 21:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/08/24 19:22:36 | 001,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/06/03 13:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/13 14:40:08 | 006,345,840 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/04/21 17:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/04/21 17:26:50 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/08/26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/03/16 18:10:46 | 001,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2007/03/16 18:10:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2007/03/16 18:10:42 | 001,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2007/02/20 11:29:08 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/10/11 21:37:24 | 000,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/09/22 10:47:54 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/09/11 04:40:30 | 000,992,176 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2005/11/07 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/02/09 15:56:12 | 000,098,304 | ---- | M] (6XGate Incorporated) -- C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
PRC - [2004/08/04 04:00:00 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\freecell.exe
PRC - [2004/07/27 15:50:42 | 000,221,184 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/02/02 02:19:15 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven\My Documents\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/03 11:07:15 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/28 01:27:15 | 002,431,024 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3647.dll -- (Akamai)
SRV - [2010/01/18 23:45:07 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/03 10:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/24 19:22:36 | 001,205,760 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/04/21 17:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/12/16 19:38:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2007/10/11 09:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/04/23 10:43:54 | 000,310,008 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/04/23 10:43:54 | 000,166,648 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/04/23 10:43:46 | 001,010,424 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/04/22 20:29:34 | 000,088,824 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/04/22 20:29:32 | 000,359,160 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/03/16 18:10:46 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/11 21:37:24 | 000,430,080 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/07 14:00:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/02 00:03:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/27 17:57:15 | 000,000,000 | ---D | M]

[2008/12/02 01:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Extensions
[2010/02/11 22:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\0yc99hdj.default\extensions
[2010/02/02 00:17:23 | 000,000,000 | ---D | M] (Bing Toolbar) -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\0yc99hdj.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010/01/15 13:30:38 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\0yc99hdj.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/09/10 10:25:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\0yc99hdj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/02/10 12:19:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/02 00:16:20 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{8d2292ad-c153-55e1-a33f-153e99dbe10d}(2)
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll

O1 HOSTS File: ([2010/01/04 18:19:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe (6XGate Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b72b4619-cd67-11dd-a050-0019b97fe94d}\Shell - "" = AutoRun
O33 - MountPoints2\{b72b4619-cd67-11dd-a050-0019b97fe94d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b72b4619-cd67-11dd-a050-0019b97fe94d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{caafd30a-b43d-11de-a16e-0019b97fe94d}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/16 15:33:23 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/09 02:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/09 02:36:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steven\Recent
[2010/02/04 22:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steven\My Documents\Microbio
[2010/02/02 09:57:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/02 02:19:13 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steven\My Documents\OTL.exe
[2010/02/01 21:47:13 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/01 21:47:00 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/01 21:46:58 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/01 21:46:58 | 000,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/02/01 21:46:51 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/01 21:46:50 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/01 21:46:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/01 21:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/01 21:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2008/11/08 20:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/10/21 00:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/09/22 14:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/09/22 00:29:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/08/25 09:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/07/15 19:52:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2 C:\Documents and Settings\Steven\My Documents\*.tmp files -> C:\Documents and Settings\Steven\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/12 02:14:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/12 02:14:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/12 01:42:29 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Steven\NTUSER.DAT
[2010/02/12 01:09:56 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/12 00:33:42 | 000,565,751 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\03 Lab2.pdf
[2010/02/11 23:04:09 | 000,015,441 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\The.Office.S06E15.HDTV.XviD-LOL.avi.5356064.TPB.torrent
[2010/02/11 22:15:04 | 055,470,414 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/11 11:27:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/10 21:50:28 | 003,669,555 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\Vo0002.pdf
[2010/02/10 05:13:42 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\Microbio1.doc
[2010/02/10 04:57:30 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\Microbio.doc
[2010/02/10 04:26:41 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Steven\My Documents\~$crobio1.doc
[2010/02/10 03:08:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/10 00:39:24 | 001,299,968 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\Replication.ppt
[2010/02/09 02:56:53 | 000,229,888 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\FolderSize-2.4.msi
[2010/02/09 00:28:14 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Steven\My Documents\~$am 1 Compilation of Q&A.docx
[2010/02/08 21:39:38 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\Vietnamese cultures.doc
[2010/02/08 20:23:32 | 001,880,377 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\7 Dang, Thuy Vo 2005 Politics.pdf
[2010/02/08 14:27:09 | 000,034,190 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\Exam 1 Compilation of Q&A.docx
[2010/02/04 22:07:53 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\lab report 1.doc
[2010/02/03 23:13:01 | 001,454,094 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\6 Aguilar-San Juan Karin 2003 Place.pdf
[2010/02/03 11:07:23 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/03 11:07:19 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/03 11:07:19 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/03 11:07:07 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/02/02 22:26:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Steven\My Documents\~$crobio.doc
[2010/02/02 02:19:15 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven\My Documents\OTL.exe
[2010/02/02 00:07:37 | 007,411,934 | -H-- | M] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\IconCache.db
[2010/02/01 21:49:10 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/01 21:47:00 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 9.0.lnk
[2010/02/01 21:46:51 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/01 21:46:50 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/01 21:46:41 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/01 21:46:41 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/01 21:44:52 | 002,390,672 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\5 Dubois, Thomas 1993 Representation.pdf
[2010/02/01 13:23:24 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\Asian American Activism.doc
[2010/01/31 16:20:02 | 000,023,482 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\Peter_Pan_1953_Platinum_Edition_-_dublat_romana.4722800.TPB.torrent
[2010/01/31 15:58:57 | 000,000,038 | ---- | M] () -- C:\WINDOWS\osAviSplitter.INI
[2010/01/29 18:57:24 | 001,435,384 | ---- | M] () -- C:\Documents and Settings\Steven\My Documents\Erika Lee, The Chinese are Coming ..pdf
[2 C:\Documents and Settings\Steven\My Documents\*.tmp files -> C:\Documents and Settings\Steven\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/12 00:33:29 | 000,565,751 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\03 Lab2.pdf
[2010/02/11 23:04:08 | 000,015,441 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\The.Office.S06E15.HDTV.XviD-LOL.avi.5356064.TPB.torrent
[2010/02/10 21:49:55 | 003,669,555 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\Vo0002.pdf
[2010/02/10 04:26:41 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Steven\My Documents\~$crobio1.doc
[2010/02/10 04:26:40 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\Microbio1.doc
[2010/02/10 03:01:43 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 23:04:11 | 001,299,968 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\Replication.ppt
[2010/02/09 02:56:53 | 000,229,888 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\FolderSize-2.4.msi
[2010/02/09 00:28:14 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Steven\My Documents\~$am 1 Compilation of Q&A.docx
[2010/02/08 20:23:22 | 001,880,377 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\7 Dang, Thuy Vo 2005 Politics.pdf
[2010/02/08 14:27:05 | 000,034,190 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\Exam 1 Compilation of Q&A.docx
[2010/02/04 20:56:33 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\lab report 1.doc
[2010/02/03 23:13:01 | 001,454,094 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\6 Aguilar-San Juan Karin 2003 Place.pdf
[2010/02/02 22:26:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Steven\My Documents\~$crobio.doc
[2010/02/02 22:26:26 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\Microbio.doc
[2010/02/01 21:47:00 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 9.0.lnk
[2010/02/01 21:46:50 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/01 21:46:41 | 055,470,414 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/01 21:46:41 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/01 21:46:41 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/01 21:46:41 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/01 21:44:09 | 002,390,672 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\5 Dubois, Thomas 1993 Representation.pdf
[2010/01/31 16:20:01 | 000,023,482 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\Peter_Pan_1953_Platinum_Edition_-_dublat_romana.4722800.TPB.torrent
[2010/01/29 18:57:15 | 001,435,384 | ---- | C] () -- C:\Documents and Settings\Steven\My Documents\Erika Lee, The Chinese are Coming ..pdf
[2010/01/26 20:35:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\osAviSplitter.INI
[2010/01/20 20:20:31 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/01/20 20:20:30 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/12 13:42:30 | 000,000,369 | -HS- | C] () -- C:\Documents and Settings\Steven\Application Data\pacman_v1.01.exe
[2009/12/11 23:15:56 | 000,000,369 | -HS- | C] () -- C:\Documents and Settings\Steven\Application Data\MSLiveUpdate.exe
[2009/11/18 15:41:18 | 000,488,448 | ---- | C] () -- C:\WINDOWS\System32\apdfprintmon.dll
[2009/09/05 21:13:01 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/09/05 21:10:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX8400.ini
[2009/08/19 17:30:51 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\fusioncache.dat
[2009/01/02 20:43:10 | 000,000,206 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/02 19:15:51 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Steven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/02 01:42:36 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/12/02 01:23:51 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/02 01:23:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/02 01:09:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/12/02 01:09:15 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/12/02 00:54:20 | 000,026,176 | ---- | C] () -- C:\WINDOWS\PHLASHNT.SYS
[2008/12/02 00:54:20 | 000,000,357 | ---- | C] () -- C:\WINDOWS\PHLASH.INI
[2005/11/28 18:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/03 18:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2009/11/18 15:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\A-PDF
[2010/02/01 21:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/01/06 20:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2009/11/09 02:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2009/09/06 10:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2008/12/02 00:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC-Doctor
[2008/12/02 00:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCDr
[2008/12/02 00:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SupportSoft
[2010/01/02 18:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/12/02 01:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2008/12/03 13:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/11/09 21:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
[2009/11/09 21:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009/11/09 21:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2010/01/28 01:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Aim
[2008/12/06 01:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Blackberry Desktop
[2009/10/08 22:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\DAEMON Tools Lite
[2009/02/01 23:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Leadertech
[2009/10/25 14:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Publish Providers
[2008/12/06 01:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Research In Motion
[2008/12/04 23:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\SanDisk
[2009/12/11 23:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Sony
[2010/02/12 00:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\uTorrent
[2009/04/25 11:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/23 14:44:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/12/23 14:44:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/23 14:44:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/12/23 14:44:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/10/18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/03/16 18:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/11/17 12:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/01/06 20:31:26 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009/12/16 09:01:16 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/13 00:58:47 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009/12/16 09:01:16 | 042,467,328 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/16 09:01:16 | 005,767,168 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
< End of report >
  • 0

Advertisements


#2
captainkill

captainkill

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
http://www.geekstogo...st-t268492.html

I wasn't able to run the GMER rootkit test, it always gave me a blue screen and never finished. I had removed some viruses the day before so my computer might still be infected, I just want to make sure. I have Windows XP.

Date of post: 2-12-10
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP