I scanned those files you mentioned with
http://www.virustotal.com/xhtml/index_en.html and no viruses were found; I couldn't find much information about them in their properties or on the internet.
Gmer log:
GMER 1.0.12.12011 -
http://www.gmer.net
Rootkit scan 2007-01-25 17:55:04
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, 8C, EF, B6, E0, EE, EF, ... ]
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, 8C, EF, B6, E0, EE, EF, ... ]
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 81B950E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 81B950E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 818520E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 818520E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A2AD24C-77A5-4F1B-A5CC-D9982F5F5460} IRP_MJ_CREATE 8157ACA8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A2AD24C-77A5-4F1B-A5CC-D9982F5F5460} IRP_MJ_CLOSE 8157ACA8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A2AD24C-77A5-4F1B-A5CC-D9982F5F5460} IRP_MJ_DEVICE_CONTROL 8157ACA8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A2AD24C-77A5-4F1B-A5CC-D9982F5F5460} IRP_MJ_INTERNAL_DEVICE_CONTROL 8157ACA8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A2AD24C-77A5-4F1B-A5CC-D9982F5F5460} IRP_MJ_CLEANUP 8157ACA8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2A2AD24C-77A5-4F1B-A5CC-D9982F5F5460} IRP_MJ_PNP 8157ACA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B6F0A2A0] vsdatant.sys
Device \Driver\00000048 \Device\00000046 IRP_MJ_POWER [F994DEA8] sptd.sys
Device \Driver\00000048 \Device\00000046 IRP_MJ_SYSTEM_CONTROL [F9961A70] sptd.sys
Device \Driver\00000048 \Device\00000046 IRP_MJ_PNP [F995A728] sptd.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B6F0A2A0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 81BDF878
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 819504D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 819504D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 819504D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 819504D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 819504D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 819504D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 819504D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 819504D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 819504D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 819504D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 819504D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 81BDF878
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 81BDF878
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 81424EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 81424EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 819504D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 819504D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 819504D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 819504D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 819504D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 819504D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 819504D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 819504D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 819504D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 819504D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 819504D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 819504D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 819504D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 819504D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 819504D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 819504D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 819504D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 819504D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 819504D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 819504D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 819504D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 819504D8
Device \Driver\usbstor \Device\00000069 IRP_MJ_CREATE 8167F0E8
Device \Driver\usbstor \Device\00000069 IRP_MJ_CLOSE 8167F0E8
Device \Driver\usbstor \Device\00000069 IRP_MJ_READ 8167F0E8
Device \Driver\usbstor \Device\00000069 IRP_MJ_WRITE 8167F0E8
Device \Driver\usbstor \Device\00000069 IRP_MJ_DEVICE_CONTROL 8167F0E8
Device \Driver\usbstor \Device\00000069 IRP_MJ_INTERNAL_DEVICE_CONTROL 8167F0E8
Device \Driver\usbstor \Device\00000069 IRP_MJ_POWER 8167F0E8
Device \Driver\usbstor \Device\00000069 IRP_MJ_SYSTEM_CONTROL 8167F0E8
Device \Driver\usbstor \Device\00000069 IRP_MJ_PNP 8167F0E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8157ACA8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8157ACA8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8157ACA8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8157ACA8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8157ACA8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8157ACA8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8157ACA8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8157ACA8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8157ACA8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8157ACA8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8157ACA8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8157ACA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B6F0A2A0] vsdatant.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 81BDF308
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 81BDF308
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 81BDF308
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 81BDF308
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 81BDF308
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 81BDF308
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81BDF308
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 81BDF308
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 81BDF308
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 81BDF308
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 81BDF308
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B6F0A2A0] vsdatant.sys
Device \Driver\Disk \Device\Harddisk1\DR2 IRP_MJ_CREATE 81BDF308
Device \Driver\Disk \Device\Harddisk1\DR2 IRP_MJ_CLOSE 81BDF308
Device \Driver\Disk \Device\Harddisk1\DR2 IRP_MJ_READ 81BDF308
Device \Driver\Disk \Device\Harddisk1\DR2 IRP_MJ_WRITE 81BDF308
Device \Driver\Disk \Device\Harddisk1\DR2 IRP_MJ_FLUSH_BUFFERS 81BDF308
Device \Driver\Disk \Device\Harddisk1\DR2 IRP_MJ_DEVICE_CONTROL 81BDF308
Device \Driver\Disk \Device\Harddisk1\DR2 IRP_MJ_INTERNAL_DEVICE_CONTROL 81BDF308
Device \Driver\Disk \Device\Harddisk1\DR2 IRP_MJ_SHUTDOWN 81BDF308
Device \Driver\Disk \Device\Harddisk1\DR2 IRP_MJ_POWER 81BDF308
Device \Driver\Disk \Device\Harddisk1\DR2 IRP_MJ_SYSTEM_CONTROL 81BDF308
Device \Driver\Disk \Device\Harddisk1\DR2 IRP_MJ_PNP 81BDF308
Device \Driver\usbstor \Device\0000006b IRP_MJ_CREATE 8167F0E8
Device \Driver\usbstor \Device\0000006b IRP_MJ_CLOSE 8167F0E8
Device \Driver\usbstor \Device\0000006b IRP_MJ_READ 8167F0E8
Device \Driver\usbstor \Device\0000006b IRP_MJ_WRITE 8167F0E8
Device \Driver\usbstor \Device\0000006b IRP_MJ_DEVICE_CONTROL 8167F0E8
Device \Driver\usbstor \Device\0000006b IRP_MJ_INTERNAL_DEVICE_CONTROL 8167F0E8
Device \Driver\usbstor \Device\0000006b IRP_MJ_POWER 8167F0E8
Device \Driver\usbstor \Device\0000006b IRP_MJ_SYSTEM_CONTROL 8167F0E8
Device \Driver\usbstor \Device\0000006b IRP_MJ_PNP 8167F0E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 81411EB0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B6F0A2A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B6F0A2A0] vsdatant.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 81411EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 81411EB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 81897B40
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 81897B40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 81BDF878
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 81BDF878
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 81BDF878
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 81BDF878
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 81BDF878
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 81BDF878
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 81BDF878
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 81BDF878
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 81BDF878
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 81BDF878
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 81BDF878
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 81586200
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 81586200
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CREATE 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CLOSE 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_DEVICE_CONTROL 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_POWER 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_SYSTEM_CONTROL 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_PNP 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 81982A60
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 81982A60
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 818520E8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 818520E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8187C0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8187C0E8
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DA868A70
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
ADS C:\Documents and Settings\Katrina\Favorites\Panda ActiveScan :favicon
---- EOF - GMER 1.0.12 ----
That one was done without all files shown on my system, like you were talking about, but I assume that's only relevant for finding those other files.
StartDreck log:
StartDreck (build 2.1.7 public stable) - 2007-01-25 @ 18:10:21 (GMT +11:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 7.0.5730.11
Logged in as Katrina at SPUNKETTE
»Registry
»Run Keys
»Current User
»Run
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
»RunOnce
*SSS7="C:\Program Files\Steganos Security Suite 7\SSS7.exe" -firstboot
»Local Machine
»Run
*vptray=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
*Zone Labs Client="C:\Program Files\ZoneAlarm\zlclient.exe"
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+596=\SystemRoot\System32\smss.exe
+664=\??\C:\WINDOWS\system32\csrss.exe
+688=\??\C:\WINDOWS\system32\winlogon.exe
+736=C:\WINDOWS\system32\services.exe
+748=C:\WINDOWS\system32\lsass.exe
+900=C:\WINDOWS\system32\svchost.exe
+976=C:\WINDOWS\system32\svchost.exe
+1072=C:\Program Files\Windows Defender\MsMpEng.exe
+1112=C:\WINDOWS\System32\svchost.exe
+1164=C:\WINDOWS\System32\svchost.exe
+1364=C:\WINDOWS\System32\svchost.exe
+1504=C:\WINDOWS\system32\spoolsv.exe
+1792=C:\WINDOWS\Explorer.EXE
+1992=C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
+204=C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
+272=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
+280=C:\Program Files\ZoneAlarm\zlclient.exe
+348=C:\Program Files\SpywareGuard\sgmain.exe
+1036=C:\Program Files\SpywareGuard\sgbhp.exe
+1608=C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+1740=C:\WINDOWS\System32\alg.exe
+2192=C:\WINDOWS\system32\wuauclt.exe
+3112=C:\Program Files\PeerGuardian2\pg2.exe
+3300=C:\WINDOWS\system32\ctfmon.exe
+3512=C:\WINDOWS\system32\notepad.exe
+2764=C:\WINDOWS\System32\svchost.exe
+2760=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
+872=C:\Program Files\Virtual Villagers\VirtualVillagers.exe
+660=C:\Program Files\Virtual Villagers\VirtualVillagers.RWG
+3576=C:\Program Files\Virtual Villagers\ReflexiveArcade\RAW_003.wdt
+4092=C:\StartDeck\StartDreck.exe
»Application specific
HijackThis Uninstall:
3ivx D4 4.5.1 (remove only)
4Diskclean Gold
ActorStudio
Ad-Aware SE Professional
Add/Remove 4Good
Add/Remove Plus! 2003
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Advanced System Optimizer (Shareware Release)
Advanced WindowsCare 2.30 Personal
Astral Tournament 1.7
Autoplay Repair 1.0.2
AVG Anti-Spyware 7.5
Beat The Broker
Book Writer
Car Thief 5.1 Demo
Car Thief 6 Demo
CCleaner (remove only)
CounterSpy
Crooked Money 1 Demo
Currency Converter 1.0
DemocracyDemo
D-Fend v2
DOSBox Frontend
DriveImage XML
DVD Identifier
DVD Shrink 3.2
Easy Ebook Creator ©
Easy Uninstaller
eBook Compiler Demo
Ebook Creator 2.0
eBookGuard V3.1
Enable S3 for USB Device
Finders Keepers
FireTune
Flash Designer 4
Genie Backup Manager V4.0
GoldWave v5.18
GTK+ 2.6.8-1 runtime environment
Guns Girls Lawyers Dollars
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
ICQ 5.1
Idea Tracker
Interstellar Law
IObit SmartDefrag Beta 2.01
J2SE Runtime Environment 5.0 Update 9
JD Secure 3.1
Just Banners
Karen's Computer Profiler
Karen's Cookie Viewer
Karen's Hasher
Karen's Registry Ripper
Karen's Version Browser
KC Softwares VideoInspector
KoolMoves Lite 4.3.6
LinkLaunch
LiveUpdate 1.7 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Script Debugger
Microsoft User-Mode Driver Framework Feature Pack 1.0
MiniMinder 7.26
Movie Outline 2.0
Mozilla Firefox (2.0.0.1)
MSXML 4.0 SP2 (KB927978)
Mystery Case Files Huntsville
Name Maker LE 4.0
NameSpire v1.2
NATATA eBook Compiler Free 2.1
Nero 7 Ultra Edition
Newspaper Manager II
NoteStudio 2.0.9
Nvu 1.0
PageFour 1.50
Panda ActiveScan
Paparazzi Free Trial
PC Inspector File Recovery
PeerGuardian 2.0
Personal Knowbase 3.0.4
PracticalScriptwriter
QuadQuest II - SHAREWARE
Quiz-Tac-Toe v1.2
Registry Mechanic 4.0
Rhymesaurus
RoughDraft 2.11
Search and Replace 98
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
simGangster
single-step
Snooker&Pool 1.0
SoftCAT
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
Steganos Security Suite 7.1.6
Stellar Phoenix Deleted File Recovery 1.0
Store Manager
SunRav BookOffice
Symantec AntiVirus Client
The Apprentice Free Trial
The GIMP 2.2.10
TheSage
Trend Micro Anti-Spyware
TrojanHunter 4.6
UltimateDefrag
Unistall eBook Blaster
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Useful File Utilities (remove only)
VIA Audio Driver Setup Program
VIA Rhine-Family Fast-Ethernet Adapter
VideoLAN VLC media player 0.8.5
Virtual Villagers
Westward Free Trial
Winamp (remove only)
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
Xara Webstyle 3.0
XviD MPEG-4 Video Codec
XXXTYCOON
yWriter2
ZoneAlarm Pro
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:41:09 PM, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2247132000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///E:/SuperCD/IntraLaunch.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Program Files\Common Files\eztools\eztoolslib2.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe