Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


i need help removing spyware


ok

Post by wakeboarder540 » April 19th, 2007, 6:57 pm

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-19 16:49:08
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? srescan.sys The system cannot find the file specified.
.text USBPORT.SYS!DllUnload BA46F62C 5 Bytes JMP 8A5EE1B8
? System32\Drivers\a2kgrb2k.SYS The system cannot find the file specified.
? C:\WINDOWS\System32\DRIVERS\update.sys

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8A70D1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 88A631D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 889971D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B5827A80] vsdatant.sys
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 8A6531D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8A70F1D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B5827A80] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 8A69F1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8A5EA768
Device \Driver\nvatabus \Device\00000080 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\00000080 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_CREATE 88BB21D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_CLOSE 88BB21D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_INTERNAL_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_CLEANUP 88BB21D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_PNP 88BB21D8
Device \Driver\nvatabus \Device\00000083 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\00000083 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 88BB21D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 88BB21D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 88BB21D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 88BB21D8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B5827A80] vsdatant.sys
Device \Driver\00000033 \Device\0000005d IRP_MJ_POWER [BA6DFD74] sptd.sys
Device \Driver\00000033 \Device\0000005d IRP_MJ_SYSTEM_CONTROL [BA6F92A2] sptd.sys
Device \Driver\00000033 \Device\0000005d IRP_MJ_PNP [BA6FA228] sptd.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B5827A80] vsdatant.sys
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 8A6531D8
Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 88BAC1D8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B5827A80] vsdatant.sys
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 88BAC1D8
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8A69F1D8
Device \Driver\nvatabus \Device\0000007f IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\0000007f IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_CREATE 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_CLOSE 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_POWER 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_SYSTEM_CONTROL 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_PNP 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_CREATE 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_CLOSE 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_POWER 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_PNP 8A4F22A8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 88A631D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 889951D8

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1220945662-1960408961-839522115-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xD6 0x46 0xA9 0xDA ...
Reg \Registry\USER\S-1-5-21-1220945662-1960408961-839522115-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xC7 0x55 0x0F 0xE3 ...

---- EOF - GMER 1.0.12 ----



--------------------------------------------------------------------------------
-------------------------------------------------------------------------
--------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT
Thursday, April 19, 2007 4:34:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/04/2007
Kaspersky Anti-Virus database records: 299444
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 50379
Number of viruses found 5
Number of infected objects 29 / 0
Number of suspicious objects 0
Duration of the scan process 00:23:02

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe/data0036 Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe/data0064 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe/data0065 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe Inno: infected - 3 skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-04-18.22-15-07.log Object is locked skipped
C:\Program Files\Cain\Abel.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
C:\Program Files\ophcrack\win32_tools\LsaExt.dll Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Program Files\ophcrack\win32_tools\pwservice.exe Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Program Files\ophcrack\win32_tools\samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\pwdump2\pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\pwdump2\samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DANS-T3DDE2KLTB.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\3ti.exe.exe Infected: Packed.Win32.Tibs.r skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\pdp.exe.exe Infected: Packed.Win32.Tibs.r skipped
C:\WINDOWS\system32\v7.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\zup.exe.exe Infected: Packed.Win32.Tibs.r skipped
C:\WINDOWS\Temp\ZLT032b3.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT04ad4.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000008-00000000-00000008-00001102-00000008-10011102}.CDF Object is locked skipped
F:\setup files\C&A\C&A.exe/WISE0025.BIN Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
F:\setup files\C&A\C&A.exe WiseSFX: infected - 1 skipped
F:\setup files\pwdump2.zip/pwdump2/pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\setup files\pwdump2.zip/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\setup files\pwdump2.zip ZIP: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe/data0036 Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe/data0064 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe/data0065 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso ISO image: infected - 4 skipped
F:\utilities\New Folder\pwdump2\pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\utilities\New Folder\pwdump2\samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe/data0001 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe Inno: infected - 3 skipped
Scan process completed.

--------------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------

µTorrent
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 6.0.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
AI - Series
AnyDVD
AsusUpdate
AVG 7.5
Cain & Abel v3.5
CloneDVD2
Condemned - Criminal Origins
Creative System Information
EAX Unified
EAX4 Unified Redist
FEAR
GeoForms Screensaver by NVIDIA (remove only)
Hamachi 1.0.1.5
HijackThis 1.99.1
Introduction to Help Desk Concepts and Skills
J2SE Runtime Environment 5.0 Update 3
Kaspersky Online Scanner
LimeWire 4.10.9
Microsoft .NET Framework 2.0
Microsoft LifeCam
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.1)
Mozilla Firefox (2.0.0.3)
Need for Speed™ Carbon
Nero Suite
NTFS4DOS
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
ophcrack 2.3.3
PokerStars.net
PowerDVD
QuickTime
Skype 2.5
SnagIt 8
Soldier of Fortune II - Double Helix MP TEST
Sound Blaster Audigy 2
Steam(TM)
TeamSpeak 2 RC2
Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
Tom Clancy's Rainbow Six Vegas
Tom Clancy's Splinter Cell Double Agent
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 2
WinISO 5.3
winpcap-nmap 3.1
WinRAR archiver
WinZip
Xbox 360 Controller for Windows
ZoneAlarm
wakeboarder540
Regular Member
 
Posts: 72
Joined: March 12th, 2006, 5:06 am

Unread postby John B. » April 21st, 2007, 10:04 am

Hi,

Can you please tell me why you use pwdump and ophcrack together with VNC?

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

hey

Unread postby wakeboarder540 » April 21st, 2007, 1:47 pm

I'm assuming that you know what pwdump2 and ophcrack are and what they are used for...

I used pwdump2 and ophcrack when I couldn't remember what my Administrator account password was, and I use VNC to do demonstrations and tutorials with my grandma. I'm teaching her how to use a computer. Now, usually I teach people in person, but she lives in Toronto and I'm in BC :( So that's why I had to download VNC.


anyways


did you find anything in my post

what were those infected files about in the kaspersky scan?
wakeboarder540
Regular Member
 
Posts: 72
Joined: March 12th, 2006, 5:06 am

Unread postby John B. » April 21st, 2007, 2:06 pm

Hi,

Thanks for the information, just wanted to be sure I'm not helping a hacker ;)

wakeboarder540 wrote:what were those infected files about in the kaspersky scan?

One virus which dropped some files and a lot of 'not-a-virus' files which were pwdump, ophcrack and VNC because they are risktools if not used correctly.

P2P Warning!
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.
Additional information on the safety of Peer to Peer programs themselves is here :
Clean/Infected P2P Programs
Please decide if you want to keep using P2P so I can put it in my next speech if you don't want to keep it.

Step 1: Show your hidden files
To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon (or click Start, then select My Computer)
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
    Now your computer is configured to show all hidden files.
Step 2: Delete bad files
Use Explorer to navigate to and delete the following files (if present):

C:\WINDOWS\system32\3ti.exe.exe
C:\WINDOWS\system32\pdp.exe.exe
C:\WINDOWS\system32\zup.exe.exe

Now just exit Explorer.

Step 3: Update Adobe Reader
It looks like your version of Adobe Reader is out of date and you're vulnerable to infections.
Please download the newest version here:
http://www.adobe.com/uk/products/reader/

Install it, then go to Add Remove Programs and remove any older versions that may remain.

Step 4: Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java(TM) SE Runtime Environment 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Step 5: Run ATF Cleaner
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Step 6: Run Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Step 7: Post logs
  • Kaspersky log
  • Fresh HJT log
  • Tell me if you want to keep using P2P programs
  • Tell me about any problems/questions you've still got

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
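
The split described in the reply above, between the one real detection and the 'not-a-virus' risk tools, can be read mechanically from the report's verdict column. This is an added example, not part of the original thread or of Kaspersky's tooling; the row layout is inferred from the report lines posted here, and the function names and the doubled-extension heuristic are assumptions.

```python
import re
from collections import defaultdict

# Sample rows taken from the Kaspersky Online Scanner report posted in this thread.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\Cain\Abel.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
C:\WINDOWS\system32\3ti.exe.exe Infected: Packed.Win32.Tibs.r skipped
F:\setup files\pwdump2.zip/pwdump2/pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\setup files\pwdump2.zip/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\setup files\pwdump2.zip ZIP: infected - 2 skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso ISO image: infected - 4 skipped
Scan process completed.
"""

# Row layout inferred from the posted report: <path> <verdict> <last action>.
# Paths contain spaces, so the verdict is located by its fixed wording.
ROW_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<kind>[A-Za-z]+(?: image)?): infected - (?P<count>\d+)"
    r") (?P<action>\w+)$"
)

# Heuristic (an assumption, not a scanner feature): a repeated extension such as
# ".exe.exe", the shape shared by the three files listed for deletion in Step 2.
DOUBLED_EXT_RE = re.compile(r"(\.\w{3})\1$", re.IGNORECASE)


def parse_row(line):
    """Parse one report row; return None for headers, blanks and footer lines."""
    m = ROW_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    if m.group("locked"):
        # File was in use and could not be read: no verdict either way.
        category, name = "locked", None
    elif m.group("kind"):
        # Summary row for an archive or installer; its members have their own rows.
        category, name = "container", None
    elif m.group("name").startswith("not-a-virus:"):
        # Dual-use tool (password dumper, remote admin), flagged as a risk.
        category, name = "riskware", m.group("name")[len("not-a-virus:"):]
    else:
        category, name = "malware", m.group("name")
    return {
        "path": path,
        # Archive members are written <archive>/<member>; the file to act on
        # is the archive that exists on disk.
        "on_disk": path.split("/", 1)[0],
        "category": category,
        "name": name,
        "action": m.group("action"),
        "doubled_ext": bool(DOUBLED_EXT_RE.search(path)),
    }


def triage(report):
    """Group detections by on-disk file and count the rows that carry no verdict."""
    findings = {"malware": defaultdict(set), "riskware": defaultdict(set)}
    counts = {"locked": 0, "container": 0, "unparsed": 0}
    for line in report.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        if row is None:
            counts["unparsed"] += 1
        elif row["category"] in findings:
            findings[row["category"]][row["on_disk"]].add(row["name"])
        else:
            counts[row["category"]] += 1
    result = {cat: {f: sorted(n) for f, n in files.items()}
              for cat, files in findings.items()}
    result.update(counts)
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for category in ("malware", "riskware"):
        print(category.upper())
        for path, names in summary[category].items():
            print(f"  {path}: {', '.join(names)}")
    print(f"locked (not scanned): {summary['locked']}, "
          f"container summaries: {summary['container']}")
```
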

ok

Unread postby wakeboarder540 » April 22nd, 2007, 10:43 pm

You mean you didn't want to be helping a cracker, hackers are good, crackers are bad!

I'm not a hacker yet, but some day I hope to be



here's the logs

-------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:35:07 PM, on 22/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\vVX1000.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\svchost.exe
F:\utilities\HJT\Hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwareremoval.com/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {6697AFA6-1CD3-462E-AC0A-363EF8BCD102} (SyScan2 Control) - http://www.evga.com/Support/SyScan/SyScan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b47946.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-------------------------------------------------------------------------------
--------------------------------------------------------------------------
---------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT
Sunday, April 22, 2007 1:25:51 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/04/2007
Kaspersky Anti-Virus database records: 300358
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 51003
Number of viruses found 4
Number of infected objects 26 / 0
Number of suspicious objects 0
Duration of the scan process 00:25:42

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Dan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe/data0036 Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe/data0064 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe/data0065 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe Inno: infected - 3 skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\History\History.IE5\MSHist012007042220070423\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-04-22.00-40-00.log Object is locked skipped
C:\Program Files\Cain\Abel.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
C:\Program Files\ophcrack\win32_tools\LsaExt.dll Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Program Files\ophcrack\win32_tools\pwservice.exe Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Program Files\ophcrack\win32_tools\samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\pwdump2\pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\pwdump2\samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DANS-T3DDE2KLTB.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\v7.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT0241e.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT03424.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000008-00000000-00000008-00001102-00000008-10011102}.CDF Object is locked skipped
F:\setup files\C&A\C&A.exe/WISE0025.BIN Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
F:\setup files\C&A\C&A.exe WiseSFX: infected - 1 skipped
F:\setup files\pwdump2.zip/pwdump2/pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\setup files\pwdump2.zip/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\setup files\pwdump2.zip ZIP: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe/data0036 Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe/data0064 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe/data0065 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso ISO image: infected - 4 skipped
F:\utilities\New Folder\pwdump2\pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\utilities\New Folder\pwdump2\samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe/data0001 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe Inno: infected - 3 skipped
Scan process completed.
wakeboarder540
Regular Member
 
Posts: 72
Joined: March 12th, 2006, 5:06 am

Unread postby John B. » April 23rd, 2007, 12:52 pm

Hi,

This is my normal post for when you are clear - which you now are - or seem to be.
Please advise of any problems you still have. If you think you're clean please give one more reply so that I can archive this topic.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    Turn off System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Check Turn off System Restore
    Click Apply, and then click OK

    Reboot.

    Turn on System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Uncheck Turn off System Restore
    Click Apply, and then click OK
    NOTE: only do this ONCE, NOT on a regular basis!
  • Re hide your system files. To do so, please follow the steps below:
    • Double-click My Computer.
    • Click the Tools menu, and then click Folder Options.
    • Click the View tab.
    • Put a check by "Hide file extensions for known file types."
    • Under the "Hidden files" folder, select "Do not show hidden files and folders."
    • Check "Hide protected operating system files."
    • Click Apply, and then click OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

>> Here << you can see how you can help us.

May your God go with you..

John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

ok thanks

Unread postby wakeboarder540 » April 23rd, 2007, 9:08 pm

Thanks a lot John, I appreciate your help very much! :D
wakeboarder540
Regular Member
 
Posts: 72
Joined: March 12th, 2006, 5:06 am

Unread postby NonSuch » April 30th, 2007, 9:13 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27299
Joined: February 23rd, 2005, 7:08 am
Location: California