Rootkit scan 2007-04-19 16:49:08
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
---- Kernel code sections - GMER 1.0.12 ----
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? srescan.sys The system cannot find the file specified.
.text USBPORT.SYS!DllUnload BA46F62C 5 Bytes JMP 8A5EE1B8
? System32\Drivers\a2kgrb2k.SYS The system cannot find the file specified.
? C:\WINDOWS\System32\DRIVERS\update.sys
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8A70D1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8A70D1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 88A631D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 88A631D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 889971D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 889971D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 889971D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B5827A80] vsdatant.sys
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 8A6531D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8A70F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8A70F1D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B5827A80] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 8A69F1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8A5EA768
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8A5EA768
Device \Driver\nvatabus \Device\00000080 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\00000080 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_CREATE 88BB21D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_CLOSE 88BB21D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_INTERNAL_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_CLEANUP 88BB21D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{11FC8FF4-D4EA-4752-8704-7EABBFEBCA2A} IRP_MJ_PNP 88BB21D8
Device \Driver\nvatabus \Device\00000083 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\00000083 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 88BB21D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 88BB21D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 88BB21D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 88BB21D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 88BB21D8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B5827A80] vsdatant.sys
Device \Driver\00000033 \Device\0000005d IRP_MJ_POWER [BA6DFD74] sptd.sys
Device \Driver\00000033 \Device\0000005d IRP_MJ_SYSTEM_CONTROL [BA6F92A2] sptd.sys
Device \Driver\00000033 \Device\0000005d IRP_MJ_PNP [BA6FA228] sptd.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B5827A80] vsdatant.sys
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8A6531D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 8A6531D8
Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 88BAC1D8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B5827A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B5827A80] vsdatant.sys
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 88BAC1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 88BAC1D8
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8A69F1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8A69F1D8
Device \Driver\nvatabus \Device\0000007f IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\nvatabus \Device\0000007f IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_CREATE 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_CLOSE 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_POWER 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_SYSTEM_CONTROL 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1 IRP_MJ_PNP 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_CREATE 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_CLOSE 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL [BA446CBC] AnyDVD.sys
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA44775A] AnyDVD.sys
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_POWER 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8A4F22A8
Device \Driver\a2kgrb2k \Device\Scsi\a2kgrb2k1Port3Path0Target0Lun0 IRP_MJ_PNP 8A4F22A8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 88A631D8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 88A631D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 889951D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 889951D8
---- Registry - GMER 1.0.12 ----
Reg \Registry\USER\S-1-5-21-1220945662-1960408961-839522115-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xD6 0x46 0xA9 0xDA ...
Reg \Registry\USER\S-1-5-21-1220945662-1960408961-839522115-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xC7 0x55 0x0F 0xE3 ...
---- EOF - GMER 1.0.12 ----
--------------------------------------------------------------------------------
-------------------------------------------------------------------------
--------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 19, 2007 4:34:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/04/2007
Kaspersky Anti-Virus database records: 299444
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 50379
Number of viruses found 5
Number of infected objects 29 / 0
Number of suspicious objects 0
Duration of the scan process 00:23:02
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe/data0036 Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe/data0064 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe/data0065 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Documents and Settings\Dan\Desktop\OphCrack\ophcrack\ophcrack-win32-installer-2.3.3.exe Inno: infected - 3 skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-04-18.22-15-07.log Object is locked skipped
C:\Program Files\Cain\Abel.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
C:\Program Files\ophcrack\win32_tools\LsaExt.dll Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Program Files\ophcrack\win32_tools\pwservice.exe Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
C:\Program Files\ophcrack\win32_tools\samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\pwdump2\pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\pwdump2\samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DANS-T3DDE2KLTB.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\3ti.exe.exe Infected: Packed.Win32.Tibs.r skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\pdp.exe.exe Infected: Packed.Win32.Tibs.r skipped
C:\WINDOWS\system32\v7.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\zup.exe.exe Infected: Packed.Win32.Tibs.r skipped
C:\WINDOWS\Temp\ZLT032b3.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT04ad4.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000008-00000000-00000008-00001102-00000008-10011102}.CDF Object is locked skipped
F:\setup files\C&A\C&A.exe/WISE0025.BIN Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
F:\setup files\C&A\C&A.exe WiseSFX: infected - 1 skipped
F:\setup files\pwdump2.zip/pwdump2/pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\setup files\pwdump2.zip/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\setup files\pwdump2.zip ZIP: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe/data0036 Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe/data0064 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe/data0065 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso/ophcrack/ophcrack-win32-installer-2.3.3.exe Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped
F:\utilities\New Folder\ophcrack-livecd-1.1.3.iso ISO image: infected - 4 skipped
F:\utilities\New Folder\pwdump2\pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\utilities\New Folder\pwdump2\samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe/data0001 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\utilities\VNC\vnc-4_1_2-x86_win32.exe Inno: infected - 3 skipped
Scan process completed.
--------------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------
µTorrent
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 6.0.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
AI - Series
AnyDVD
AsusUpdate
AVG 7.5
Cain & Abel v3.5
CloneDVD2
Condemned - Criminal Origins
Creative System Information
EAX Unified
EAX4 Unified Redist
FEAR
GeoForms Screensaver by NVIDIA (remove only)
Hamachi 1.0.1.5
HijackThis 1.99.1
Introduction to Help Desk Concepts and Skills
J2SE Runtime Environment 5.0 Update 3
Kaspersky Online Scanner
LimeWire 4.10.9
Microsoft .NET Framework 2.0
Microsoft LifeCam
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.1)
Mozilla Firefox (2.0.0.3)
Need for Speed™ Carbon
Nero Suite
NTFS4DOS
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
ophcrack 2.3.3
PokerStars.net
PowerDVD
QuickTime
Skype 2.5
SnagIt 8
Soldier of Fortune II - Double Helix MP TEST
Sound Blaster Audigy 2
Steam(TM)
TeamSpeak 2 RC2
Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
Tom Clancy's Rainbow Six Vegas
Tom Clancy's Splinter Cell Double Agent
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 2
WinISO 5.3
winpcap-nmap 3.1
WinRAR archiver
WinZip
Xbox 360 Controller for Windows
ZoneAlarm