Solved: Unable to run Msconfig, Task Manager and Creates Photos.exe, support.exe, etc.



FlourishDNA
Member with 14 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
27-May-2012, 05:02 AM #1
Unable to run Msconfig, Task Manager and Creates Photos.exe, support.exe, etc.
Hi,

Description of the issue:
I am unable to run Msconfig and Task Manager. Whenever I insert my brand new USB drive it automatically creates Photos.exe, support.exe, songs.exe, sources.exe, upgrade.exe and Documents.exe directory in the USB drive. I can't even install Antivirus or go to Safe Mode. Whenever I try to go to Safe Mode my laptop automatically reboots.

My Laptop Details:
OS: Windows XP Tablet PC Edition 2005 (SP 2).
System: Toshiba Portege

HijackThis Report
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:39:08 PM, on 1/3/2000
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\windows\SYSTEMIL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SVCHOST32.EXE
C:\WINDOWS\system32\XP-1718E4C3.EXE
C:\WINDOWS\songs.exe
C:\windows\SYSTEMIL.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SYSTEMIL2.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\System Center Operations Manager 2007\HealthService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\IT Connection Manager\SRUserService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = itgproxy.redmond.corp.microsoft.com:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [Sensiva] "C:\Symbol Commander\Sensiva.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SystemIL] c:\windows\SYSTEMIL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MyApp] C:\WINDOWS\system32\SVCHOST32.EXE
O4 - HKLM\..\Run: [XP-1718E4C3] C:\WINDOWS\system32\XP-1718E4C3.EXE
O4 - HKLM\..\Run: [System File] C:\WINDOWS\songs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SystemIL] c:\windows\SYSTEMIL.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: กกกกกก.lnk = C:\WINDOWS\system32\XP-1718E4C3.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: SYSTEMIL2.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://msw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147211606575
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fareast.corp.microsoft.com
O17 - HKLM\Software\..\Telephony: DomainName = fareast.corp.microsoft.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fareast.corp.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 9689 bytes


Thanks
FlourishDNA
Member with 14 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
30-May-2012, 10:17 AM #2
Anyone around? My laptop has been unusable for the last 3 days. I can't do any work without it. I have been waiting for more than 3 days. I am sorry but I had to reply.
mambass (authorized to help remove malware)
Malware Removal Specialist with 141 posts.
 
Join Date: Apr 2008
Experience: Advanced
30-May-2012, 11:03 AM #3
Hi FlourishDNA,

Welcome to the Tech Support Guy's Virus & Other Malware Removal forum.

My nickname is mambass and I'll be helping you with any malware problems.

Before we begin...please read and follow these important guidelines so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. Please read all instructions carefully before executing them and perform the steps in the order given.
    If you have any questions or problems executing these instructions, <<STOP>> do not proceed but rather post back with the question or problem.
  3. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
  4. You must have Administrator rights permissions for this computer.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software or hardware during the cleaning process. This adds more items to be researched.
  7. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
  8. Only reply to this thread. Do not start another thread.
  9. The absence of symptoms does not imply the absence of malware. Please, continue responding, until I give you the "All Clean".
  10. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
  11. The logs I request can take a while to research, so please be patient.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.

How to back up or transfer your data on a Windows-based computer

-----------------------------------------------------------

Please read the post entitled Everyone MUST read this BEFORE posting for help in this forum. You performed Step 1 of the instructions. Please perform the remaining instruction steps beginning at Step 2.

Note also the statement concerning Corporate/Company owned computers. I notice that you are running program C:\WINDOWS\system32\CCM\CcmExec.exe which is a component of the SMS product which is usually only used in a business environment. Please let me know if this computer is used in a business network.

Finally, the log indicates that you are running XP SP2 (Service Pack 2). Is there a reason that you haven't upgraded to XP SP3 which was released 4 years ago?

Thanks,

mambass
FlourishDNA
Member with 14 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
30-May-2012, 11:15 AM #4
Hi mambass,

Thanks a lot for the reply. This laptop was given to me by my uncle who works for Microsoft and he used to use it for his business purposes. It looks like he has installed a bunch of business software which I don't need any more. I didn't upgrade the software because I was not using it, but my brother was using it to watch movies and do some school assignments. The system got infected when he inserted his friend's pen drive. Now I want to upgrade the OS but the virus is not allowing me to do so.

Thanks
mambass (authorized to help remove malware)
Malware Removal Specialist with 141 posts.
 
Join Date: Apr 2008
Experience: Advanced
30-May-2012, 11:27 AM #5
Hi FlourishDNA,

It's important that you DO NOT upgrade to SP3 until after I tell you that we have removed all malware from your computer. At that point it will be essential that you upgrade to SP3.

I look forward to seeing your DDS and GMER logs.

mambass
FlourishDNA
Member with 14 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
30-May-2012, 06:31 PM #6
Hi mambass,

Sorry for the delay. It took ages for me to scan GMER Log. Here are the log details.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GMER :::::::::::::::::::::::::::::::::::::::::::::::::::::::::

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2000-01-07 01:50:06
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
Running: 3u01rgkv.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwliipob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9FCD340, 0x1066EF, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6300, 0x234BE0, 0xF8000020]
? C:\WINDOWS\system32\drivers\npgil.sys The system cannot find the file specified. !
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwliipob.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/2003/Vista/Computer Associates)
AttachedDevice \FileSystem\Fastfat \Fat ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/2003/Vista/Computer Associates)
---- Processes - GMER 1.0.15 ----

Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\krnln.fnr (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x10000000
Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\com.run (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x00B80000
Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\dp1.fne (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x016B0000
Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\shell.fne (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x017E0000
Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\eAPI.fne (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x01910000
Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\internet.fne (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x029E0000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\tlntsvr.exe (*** hidden *** ) [DISABLED] TlntSvr <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@F ile 4416
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@I oCompletion 4864
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@J ob 5136
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@K ey 4432
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@M ailSlot 4416
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@M utant 4448
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@N amedPipe 4416
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@P ort 4464
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@P rocess 4480
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@P rofile 4496
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@S ection 4512
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@S emaphore 4528
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@S ymbolicLink 4544
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@T hread 4560
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@T imer 4576
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@T oken 4592
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@T ype 4608
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@W aitablePort 4464
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@W indowStation 6656
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@TypesSupported 31
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryCount 3
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@ParameterMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventSourceFlags 1
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler@ParameterMessa geFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Do cument 6944
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Pr inter 6928
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Se rver 6912
Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@Type 16
Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@Start 4
Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@ImagePath C:\WINDOWS\system32\tlntsvr.exe
Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@DisplayName Telnet
Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@DependOnService RPCSS?TCPIP?NTLMSSP?
Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@DependOnGroup
Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@Description Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Library C:\WINDOWS\system32\wbem\wmiaprpl.dll
Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Open WmiOpenPerfData
Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Collect WmiCollectPerfData
Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Close WmiClosePerfData
Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Last Counter 7390
Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Last Help 7391
Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@First Counter 7366
Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@First Help 7367
Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Object List 7366 7372 7384
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@Options 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@Version 7536755
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@DSPath LDAP://CN=User,CN={774A3570-8052-439C-9D05-89CA8071C483},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{77 4A3570-8052-439C-9D05-89CA8071C483}\User
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@DisplayName WW-FolderRedirection-CBSS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@Extensions [{25537BA6-77A8-11D2-9B6C-0000F8080861}{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@Link LDAP://DC=redmond,DC=corp,DC=microsoft,DC=com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@GPOName {774A3570-8052-439C-9D05-89CA8071C483}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@GPOLink 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@lParam 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Options 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Version 786444
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@DSPath LDAP://CN=User,CN={9B24F3C4-0581-446B-92DF-6B4F3DBA65AA},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{9B 24F3C4-0581-446B-92DF-6B4F3DBA65AA}\User
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@DisplayName EU-TrustedApplicationSigning - CSIT
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Extensions [{C6DC5466-785A-11D2-84D0-00C04FB169F7}{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Link LDAP://DC=redmond,DC=corp,DC=microsoft,DC=com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@GPOName {9B24F3C4-0581-446B-92DF-6B4F3DBA65AA}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@GPOLink 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@lParam 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Options 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Version 333190108
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@DSPath LDAP://CN=User,CN={C52B5368-2A6F-11D3-BB3C-00805FC792AD},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{C5 2B5368-2A6F-11D3-BB3C-00805FC792AD}\User
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@DisplayName WW-RedmondAppPublish-ArpSupp
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Extensions [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{C6DC5466-785A-11D2-84D0-00C04FB169F7}{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Link LDAP://DC=redmond,DC=corp,DC=microsoft,DC=com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@GPOName {C52B5368-2A6F-11D3-BB3C-00805FC792AD}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@GPOLink 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@lParam 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Options 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Version 786444
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@DSPath LDAP://CN=User,CN={9B24F3C4-0581-446B-92DF-6B4F3DBA65AA},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{9B 24F3C4-0581-446B-92DF-6B4F3DBA65AA}\User
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@DisplayName EU-TrustedApplicationSigning - CSIT
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Extensions [{C6DC5466-785A-11D2-84D0-00C04FB169F7}{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Link LDAP://DC=redmond,DC=corp,DC=microsoft,DC=com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@GPOName {9B24F3C4-0581-446B-92DF-6B4F3DBA65AA}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@GPOLink 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@lParam 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Options 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Version 301011441
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@DSPath LDAP://CN=User,CN={C52B5368-2A6F-11D3-BB3C-00805FC792AD},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{C5 2B5368-2A6F-11D3-BB3C-00805FC792AD}\User
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@DisplayName WW-RedmondAppPublish-ArpSupp
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Extensions [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{C6DC5466-785A-11D2-84D0-00C04FB169F7}{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Link LDAP://DC=redmond,DC=corp,DC=microsoft,DC=com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@GPOName {C52B5368-2A6F-11D3-BB3C-00805FC792AD}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@GPOLink 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@lParam 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Shutdown
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0@GPO-ID CN={6539F1D3-7704-4FC7-BBD7-43155D5F6153},CN=POLICIES,CN=SYSTEM,DC=FAREAST,DC=CORP,DC=MICROSOFT,DC=COM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0@SOM-ID DC=fareast,DC=corp,DC=microsoft,DC=com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0@FileSysPath \\fareast.corp.microsoft.com\SysVol\fareast.corp.microsoft.com\Policies\{65 39F1D3-7704-4FC7-BBD7-43155D5F6153}\Machine
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0@DisplayName WW-VistaAuditPolicy-IdM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0@GPOName {6539F1D3-7704-4FC7-BBD7-43155D5F6153}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0\0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0\0@Script \\fareast.corp.microsoft.com\NETLOGON\AuditPolicy.cmd
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0\0@Parameters
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0\0@ExecTime 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1@GPO-ID CN={3BFB239E-3F7F-477C-B870-D6EB8801C65E},CN=POLICIES,CN=SYSTEM,DC=FAREAST,DC=CORP,DC=MICROSOFT,DC=COM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1@SOM-ID DC=fareast,DC=corp,DC=microsoft,DC=com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1@FileSysPath \\fareast.corp.microsoft.com\SysVol\fareast.corp.microsoft.com\Policies\{3B FB239E-3F7F-477C-B870-D6EB8801C65E}\Machine
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1@DisplayName WW-SMSDeployment-IdM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1@GPOName {3BFB239E-3F7F-477C-B870-D6EB8801C65E}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1\0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1\0@Script \\fareast.corp.microsoft.com\netlogon\sms\smsls.bat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1\0@Parameters
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1\0@ExecTime 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2@GPO-ID CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=FAREAST,DC=CORP,DC=MICROSOFT,DC=COM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2@SOM-ID DC=fareast,DC=corp,DC=microsoft,DC=com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2@FileSysPath \\fareast.corp.microsoft.com\sysvol\fareast.corp.microsoft.com\Policies\{31 B2F340-016D-11D2-945F-00C04FB984F9}\Machine
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2@DisplayName WW-Default Account Policy-IdM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2@GPOName {31B2F340-016D-11D2-945F-00C04FB984F9}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2\0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2\0@Script killbrow.vbs
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2\0@Parameters
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2\0@ExecTime 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logoff
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0@GPO-ID CN={87FD9CA5-0937-4258-A39E-24EAAD3117AA},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0@SOM-ID DC=redmond,DC=corp,DC=microsoft,DC=com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{87 FD9CA5-0937-4258-A39E-24EAAD3117AA}\User
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0@DisplayName WW-VistaSelfHostEnroll-IdM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0@GPOName {87FD9CA5-0937-4258-A39E-24EAAD3117AA}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0\0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0\0@Script script_wrapper.cmd
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0\0@Parameters idwrac.vbs
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0\0@ExecTime 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1@GPO-ID CN={7638BB4B-99A9-457C-9341-7D07C0C52399},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1@SOM-ID DC=redmond,DC=corp,DC=microsoft,DC=com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{76 38BB4B-99A9-457C-9341-7D07C0C52399}\User
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1@DisplayName WW-OfficeSQMSettings-IdM
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1@GPOName {7638BB4B-99A9-457C-9341-7D07C0C52399}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1\0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1\0@Script script_wrapper.cmd
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1\0@Parameters empidtool.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1\0@ExecTime 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\WpdMtpDr
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\WpdMtpDr@ImagePath WpdMtpDr.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\WpdMtpDr@WdfHostProcessGUID {63432f85-815a-4a44-be78-cbdf484acd93}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\{63432f85-815a-4a44-be78-cbdf484acd93}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\{63432f85-815a-4a44-be78-cbdf484acd93}@WdfHostProcessImagePath C:\WINDOWS\system32\uWDF.exe
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\{63432f85-815a-4a44-be78-cbdf484acd93}@WdfHostProcessExitTimeout 10
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\{63432f85-815a-4a44-be78-cbdf484acd93}@WdfHostProcessStartTimeout 10
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group0 S-1-5-21-4070297603-538264583-3767469655-513
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group1 S-1-1-0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group2 S-1-5-32-544
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group3 S-1-5-32-545
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group4 S-1-5-4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group5 S-1-5-11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group6 S-1-2-0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Count 7

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----




::::::::::::::::::::::::::::::::::::::::::::::::::::::::: DDS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 23:32:50 on 2000-01-06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1056 [GMT 5.5:30]
.
AV: eTrust Antivirus *Enabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\windows\SYSTEMIL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SVCHOST32.EXE
C:\WINDOWS\songs.exe
C:\windows\SYSTEMIL.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SYSTEMIL2.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\XP-1718E4C3.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\System Center Operations Manager 2007\HealthService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\IT Connection Manager\SRUserService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
D:\3u01rgkv.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = itgproxy.redmond.corp.microsoft.com:80
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SystemIL] c:\windows\SYSTEMIL.EXE
uRun: [msnmsgr] "c:\progra~1\msnmes~1\MsnMsgr.Exe" /background
mRun: [Realtime Monitor] c:\progra~1\ca\etrust~1\realmon.exe -s
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
mRun: [TapButt] c:\program files\toshiba\tapbutton\TapButt.exe
mRun: [TAcelMgr] c:\program files\toshiba\acceleration utilities\tacelmgr\TAcelMgr.exe
mRun: [TSkrMain] c:\program files\toshiba\acceleration utilities\shaker\TSkrMain.exe
mRun: [TosRotation] "c:\program files\toshiba\toshiba rotation utility\TRot.exe"
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [Sensiva] "c:\symbol commander\Sensiva.exe"
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [MXOBG] c:\windows\MXOALDR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [SystemIL] c:\windows\SYSTEMIL.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [MyApp] c:\windows\system32\SVCHOST32.EXE
mRun: [XP-1718E4C3] c:\windows\system32\XP-1718E4C3.EXE
mRun: [System File] c:\windows\songs.exe
dRun: [TabletWizard] %windir%\help\wizard.hta
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [Realtime Monitor] c:\program files\ca\etrust antivirus\realmon.exe -s
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\75cd~1.lnk - c:\windows\system32\XP-1718E4C3.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\SYSTEMIL2.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147211606575
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows\system32\ieframe.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
============= SERVICES / DRIVERS ===============
.
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2005-2-8 5888]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 HealthService;MOM Health Service;c:\program files\system center operations manager 2007\HealthService.exe [2006-8-29 12800]
R2 SRUserService;IT Connection Manager;c:\program files\it connection manager\SRUserService.exe [2005-1-19 228152]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2005-2-8 200704]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\npgil.sys --> c:\windows\system32\drivers\npgil.sys [?]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2005-2-8 8832]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2005-2-7 13568]
S3 cmbp0wdm;CardMan 4000;c:\windows\system32\drivers\cmbp0wdm.sys [2005-4-7 33142]
S3 GPCCARD;GPCCARD;c:\windows\system32\drivers\gpccard.sys [2006-6-10 82176]
S3 GPR400;GEMPLUS GPR400 PCMCIA Smart Card Reader;c:\windows\system32\drivers\gpr400.sys [2005-4-20 17408]
S3 OMNCMBP;Omnikey AG CardMan 4000 PCMCIA Smart Card Reader;c:\windows\system32\drivers\cmbp0wdm.sys [2005-4-7 33142]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2001-2-4 107776]
S4 AdtAgent;Event Forwarder;c:\windows\system32\AdtAgent.exe [2006-8-29 249856]
.
=============== Created Last 30 ================
.
2011-05-15 05:31:57 147456 ----a-w- c:\windows\songs.exe
2010-10-15 18:07:11 -------- d-----w- c:\documents and settings\administrator\local settings\application data\WMTools Downloaded Files
2010-05-23 06:33:04 -------- d-----w- c:\windows\ie8updates
2010-05-22 06:48:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-22 06:48:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-22 06:48:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-22 06:48:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-22 06:48:19 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-17 07:24:04 -------- d-----w- c:\documents and settings\all users\application data\Seagate
2010-05-17 07:23:21 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Downloaded Installations
2010-05-17 07:23:14 -------- d-----w- c:\program files\Carbonite
2010-05-17 07:23:13 -------- d-sh--w- c:\windows\ftpcache
2010-05-17 07:21:59 -------- d-----w- c:\program files\Seagate
2010-05-17 07:21:59 -------- d-----w- c:\program files\common files\muvee Technologies
2010-05-17 04:31:40 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2010-05-17 04:30:36 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-05-17 04:24:44 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2010-05-17 04:06:23 -------- d-----w- C:\fdefcdb7e35ca747655eff4d2dee
2010-05-17 03:53:34 -------- dc-h--w- c:\windows\ie8
2010-05-17 03:51:28 -------- d-----w- c:\documents and settings\administrator\local settings\application data\PCHealth
2010-05-16 06:34:09 -------- d-----w- c:\windows\ServicePackFiles
2010-05-15 11:21:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Microsoft Help
2010-02-04 00:06:10 17204608 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
2010-01-02 23:59:32 282624 ----a-w- c:\windows\SYSTEMIL.EXE
2010-01-02 23:59:32 282624 ----a-w- C:\Games.exe
2009-11-27 17:33:35 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:37:27 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:37:27 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2009-10-20 14:58:48 263552 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-09 17:40:46 2594632 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
2009-08-19 11:37:18 1415000 ----a-w- c:\windows\system32\msxml6.dll
2009-08-17 18:03:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-07-20 18:35:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-02 12:38:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Temp
2009-06-12 19:45:00 1661792 ----a-w- c:\program files\common files\microsoft shared\office12\OGL.DLL
2009-06-04 03:25:58 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Logitech-LS
2009-05-26 06:04:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google
2009-05-26 06:01:58 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment
2009-05-26 05:28:04 -------- d-----w- c:\program files\MSXML 6.0
2009-05-25 19:44:48 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-05-25 19:18:13 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2009-05-25 19:08:43 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-05-25 19:08:43 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-04-03 13:16:26 97640 ----a-w- c:\program files\common files\microsoft shared\office12\EXP_PDF.DLL
2009-04-03 12:29:44 79728 ----a-w- c:\program files\common files\microsoft shared\office12\1033\xlsrvintl.dll
2009-04-02 07:37:44 186240 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\office.en-us\OSETUPUI.DLL
2009-04-02 07:37:10 6540120 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\OSETUP.DLL
2009-04-02 07:36:52 439160 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\SETUP.EXE
2009-04-02 07:36:42 231848 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\ODEPLOY.EXE
2009-04-02 06:32:04 11632 ----a-w- c:\program files\common files\microsoft shared\office12\1033\OLBINTL.DLL
2009-04-02 06:32:04 10339712 ----a-w- c:\program files\common files\microsoft shared\office12\1033\MSOINTL.DLL
2009-04-02 06:32:02 45968 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\OSETUPPS.DLL
2009-04-02 06:32:02 14720 ----a-w- c:\program files\common files\microsoft shared\smart tag\SmartTagInstall.exe
2009-04-02 06:32:00 552816 ----a-w- c:\program files\common files\microsoft shared\office12\OFFLB.EXE
2009-04-02 06:32:00 17792 ----a-w- c:\program files\common files\microsoft shared\office12\OPHPROXY.DLL
2009-04-02 06:32:00 15760 ----a-w- c:\program files\common files\microsoft shared\office12\OPTINPS.DLL
2009-04-02 06:32:00 12616 ----a-w- c:\program files\common files\microsoft shared\office12\OFFREL.DLL
2009-04-02 06:31:58 6637936 ----a-w- c:\program files\common files\microsoft shared\office12\MSORES.DLL
2009-04-02 06:31:58 42864 ----a-w- c:\program files\common files\microsoft shared\office12\MSSH.DLL
2009-04-02 06:31:46 18816 ----a-w- c:\program files\common files\microsoft shared\office12\MSMH.DLL
2009-04-02 06:31:44 70000 ----a-w- c:\program files\common files\microsoft shared\office12\LBGHOST.DLL
2009-04-02 06:31:44 56680 ----a-w- c:\program files\common files\microsoft shared\office12\EXP_XPS.DLL
2009-04-02 06:31:44 177520 ----a-w- c:\program files\common files\microsoft shared\smart tag\IETAG.DLL
2009-03-08 08:52:46 1241088 ------w- c:\windows\system32\ieframe.dll.mui
2009-03-08 08:52:30 49152 ------w- c:\windows\system32\msrating.dll.mui
2009-03-08 08:52:18 2560 ------w- c:\windows\system32\mshta.exe.mui
2009-03-08 08:51:06 4096 ------w- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 08:51:06 10240 ------w- c:\windows\system32\advpack.dll.mui
2009-03-08 08:50:54 81920 ------w- c:\windows\system32\iedkcs32.dll.mui
2009-03-07 23:05:32 742912 ------w- c:\program files\internet explorer\iedvtool.dll
2009-03-07 23:05:12 233984 ------w- c:\program files\internet explorer\jsprofilerui.dll
2009-03-07 23:05:04 2048 ------w- c:\program files\internet explorer\iecompat.dll
2009-03-07 23:05:04 144384 ------w- c:\program files\internet explorer\ExtExport.exe
2009-03-07 23:05:04 118272 ------w- c:\program files\internet explorer\JSProfilerCore.dll
2009-03-07 23:05:02 521216 ------w- c:\program files\internet explorer\jsdbgui.dll
2009-03-07 23:05:02 121344 ------w- c:\program files\internet explorer\jsdebuggeride.dll
2009-03-07 23:03:18 12800 ----a-w- c:\program files\internet explorer\xpshims.dll
2009-03-05 23:40:32 47472 ----a-w- c:\program files\common files\microsoft shared\office12\MSE7.EXE
2009-03-05 21:17:58 575416 ----a-w- c:\program files\common files\microsoft shared\office12\ACEDAO.DLL
2009-03-05 21:17:58 47008 ----a-w- c:\program files\common files\microsoft shared\office12\ACEERR.DLL
2009-03-05 21:17:58 190400 ----a-w- c:\program files\common files\microsoft shared\office12\ACEES.DLL
2009-03-05 21:17:56 1759136 ----a-w- c:\program files\common files\microsoft shared\office12\ACECORE.DLL
2009-02-13 23:34:38 756040 ----a-w- c:\program files\common files\microsoft shared\office12\MSPTLS.DLL
2009-02-05 06:07:00 1117568 ----a-w- c:\program files\common files\microsoft shared\filters\offfiltx.dll
2009-01-07 12:50:54 134144 -c----w- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 12:50:54 134144 ------w- c:\program files\internet explorer\sqmapi.dll
2009-01-07 12:50:38 24576 ----a-w- c:\windows\system32\nlsdl.dll
2009-01-07 12:50:18 355832 ------w- c:\program files\internet explorer\pdm.dll
2009-01-07 12:50:18 265720 ----a-w- c:\windows\system32\msdbg2.dll
2008-12-15 10:34:33 122880 ----a-w- c:\windows\system32\SVCHOST32.EXE
2008-12-03 23:30:58 969552 ----a-r- c:\program files\common files\microsoft shared\textconv\wkcvqd01.dll
2008-12-03 23:30:58 279904 ----a-r- c:\program files\common files\microsoft shared\textconv\wkls31.dll
2008-12-03 23:30:58 162640 ----a-r- c:\program files\common files\microsoft shared\textconv\wkcvqr01.dll
2008-11-24 16:47:18 983944 ----a-w- c:\program files\common files\microsoft shared\web server extensions\12\bin\FPWEC.DLL
2008-11-20 18:32:30 988040 ----a-w- c:\program files\common files\microsoft shared\office12\msoshext.dll
2008-11-20 18:28:22 972632 ----a-w- c:\program files\common files\microsoft shared\web folders\MSONSEXT.DLL
2008-11-20 18:28:20 1011544 ----a-w- c:\program files\common files\system\ole db\MSDAIPP.DLL
2008-11-10 06:08:42 27000 ----a-w- c:\program files\common files\microsoft shared\euro\MSOEURO.DLL
2008-11-09 20:57:52 31592 ----a-w- c:\program files\common files\microsoft shared\filters\msgfilt.dll
2008-11-03 22:43:02 118128 ----a-w- c:\program files\common files\microsoft shared\textconv\MSCONV97.DLL
2008-11-03 22:36:08 208816 ----a-w- c:\program files\common files\microsoft shared\office12\ACEWSS.DLL
2008-11-03 22:19:02 66424 ----a-w- c:\program files\common files\microsoft shared\office12\MSOMSE.DLL
2008-11-03 22:19:02 460680 ----a-w- c:\program files\common files\microsoft shared\office12\MODHELP.DLL
2008-11-03 21:39:04 77200 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWSTRUCT.DLL
2008-11-03 21:39:04 532872 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\XPAGE3C.DLL
2008-11-03 21:39:04 19840 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWRECS.DLL
2008-11-03 21:39:04 1196944 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\XIMAGE3B.DLL
2008-11-03 21:39:02 58224 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWLAY32.DLL
2008-11-03 21:39:02 51576 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWRECE.DLL
2008-11-03 21:39:02 33656 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWRECC.DLL
2008-11-03 21:39:02 27520 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWORIENT.DLL
2008-11-03 21:39:00 87928 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWCUTLIN.DLL
2008-11-03 21:39:00 127360 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWCUTCHR.DLL
2008-11-03 21:38:58 77208 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\PSOM.DLL
2008-11-03 21:38:58 76152 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\FORM.DLL
2008-11-03 21:38:58 30032 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\THOCRAPI.DLL
2008-11-03 21:38:58 20360 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\BINDER.DLL
2008-11-03 21:38:58 19840 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\REVERSE.DLL
2008-11-03 20:30:08 1079136 ----a-w- c:\program files\common files\microsoft shared\office12\RICHED20.DLL
2008-11-03 20:14:24 814464 ----a-w- c:\program files\common files\microsoft shared\dw\DW20.EXE
2008-11-03 20:14:24 439632 ----a-w- c:\program files\common files\microsoft shared\dw\DWDCW20.DLL
2008-11-03 20:14:24 435096 ----a-w- c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
2008-11-03 19:36:30 2872688 ----a-w- c:\program files\common files\microsoft shared\office12\OFFDIAG.EXE
2008-11-03 19:36:28 441712 ----a-w- c:\program files\common files\microsoft shared\office12\ODSERV.EXE
2008-11-03 18:09:44 179128 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ACEINTL.DLL
2008-11-03 17:07:08 50040 ----a-w- c:\program files\common files\system\msmapi\1033\MSMAPI32.DLL
2008-10-26 00:12:18 16216 ----a-w- c:\program files\common files\microsoft shared\portal\1033\PortalConnect.dll
2008-10-26 00:12:16 482656 ----a-w- c:\program files\common files\microsoft shared\portal\PortalConnectCore.dll
2008-10-25 08:09:38 290632 ----a-w- c:\program files\common files\microsoft shared\msclientdatamgr\MSCDM.DLL
2008-10-25 03:57:54 44408 ----a-w- c:\program files\common files\microsoft shared\office12\MSOXMLMF.DLL
2008-10-25 01:08:38 145224 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ALRTINTL.DLL
2008-10-25 00:48:52 89464 ----a-w- c:\program files\common files\microsoft shared\smart tag\METCONV.DLL
2008-10-25 00:01:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODTXT.DLL
2008-10-25 00:01:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODPDX.DLL
2008-10-25 00:01:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODEXL.DLL
2008-10-25 00:01:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODDBS.DLL
2008-10-24 22:08:36 1682800 ----a-w- c:\program files\common files\microsoft shared\web server extensions\12\bin\FPSRVUTL.DLL
2008-10-24 17:20:52 436584 ----a-w- c:\program files\common files\microsoft shared\msorun\MSORUN.DLL
2008-10-24 16:51:26 505192 ----a-w- c:\program files\common files\microsoft shared\office12\MSSOAP30.DLL
2008-10-24 15:44:58 6040432 ----a-w- c:\program files\common files\system\ole db\msmgdsrv.dll
2008-10-24 15:44:58 4298096 ----a-w- c:\program files\common files\system\ole db\msolap90.dll
2008-10-24 15:44:58 276336 ----a-w- c:\program files\common files\system\ole db\msolui90.dll
2008-10-24 15:44:58 15926640 ----a-w- c:\program files\common files\system\ole db\msmdlocal.dll
2008-09-17 16:47:08 1425912 ----a-w- c:\program files\common files\microsoft shared\office11\msxml5.dll
2008-08-25 17:20:22 155648 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\1033\VBE6INTL.DLL
2008-07-29 15:40:04 73720 ----a-w- c:\windows\system32\dxva2.dll
2008-07-29 15:40:04 493048 ----a-w- c:\windows\system32\evr.dll
2008-07-29 15:40:04 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-29 15:05:46 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2008-07-29 14:29:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-29 14:29:58 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2008-07-29 14:29:58 161296 ----a-w- c:\windows\system32\UIAutomationCore.dll
2008-07-29 14:29:58 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 13:54:50 97800 ----a-w- c:\windows\system32\infocardapi.dll
2008-07-29 13:54:50 622080 ----a-w- c:\windows\system32\icardagt.exe
2008-07-29 13:54:50 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2008-07-29 13:54:50 11264 ----a-w- c:\windows\system32\icardres.dll
2008-07-29 00:19:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
2008-07-25 05:46:58 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 05:46:58 282112 ----a-w- c:\windows\system32\mscoree.dll
2008-07-25 05:46:58 158720 ----a-w- c:\windows\system32\mscorier.dll
2008-07-25 05:46:58 158720 ----a-w- c:\program files\internet explorer\mui\0409\mscorier.dll
2008-07-25 05:46:46 96760 ----a-w- c:\windows\system32\dfshim.dll
2007-06-24 01:44:32 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2007-06-22 01:19:23 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2007-06-22 01:19:23 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2007-06-22 01:19:23 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2007-06-22 01:19:23 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2007-05-16 14:33:59 -------- d-----w- c:\program files\Microsoft Letteris
2007-05-16 14:32:21 -------- d-----w- c:\program files\Microsoft Dots
2007-05-16 13:47:51 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Identities
2007-05-16 13:47:48 -------- d-----w- c:\documents and settings\administrator\application data\Windows Desktop Search
2007-05-07 06:54:33 -------- d-----w- C:\Root C
2007-05-07 06:46:49 -------- d-----w- C:\My Documents
2007-04-27 04:12:00 65536 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2007-04-27 04:12:00 49152 ----a-w- c:\windows\system32\QuickTime.qts
2007-04-04 07:21:24 -------- d-----w- c:\program files\Windows Installer Clean Up
2007-03-15 09:17:14 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2007-03-15 09:17:13 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2007-03-12 11:26:11 -------- d-----w- c:\windows\system32\XPSViewer
2007-03-12 11:24:43 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2007-03-12 11:24:21 14048 ------w- c:\windows\system32\spmsg2.dll
2007-02-22 13:17:36 444064 ----a-w- c:\windows\system32\VSFLEX7L.OCX
2007-02-22 13:17:36 362200 ----a-w- c:\windows\system32\VSPRINT7.ocx
2007-02-22 13:17:36 238512 ----a-w- c:\windows\system32\SizerOne.ocx
2007-02-22 13:17:36 -------- d-----w- c:\program files\DesktopOrganizer6
2007-02-02 06:11:14 36864 ----a-w- c:\windows\system32\SDDEVMGR.dll
2007-01-16 08:18:58 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2007-01-04 07:04:50 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2007-01-04 07:04:50 32656 ----a-w- c:\windows\system32\msonpmon.dll
2007-01-04 06:11:30 -------- d-----w- c:\windows\SxsCaPendDel
2007-01-02 04:36:15 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2007-01-02 04:36:15 22016 ----a-w- c:\windows\system32\drivers\MSIRCOMM.sys
2006-12-15 03:35:28 2362184 ----a-w- c:\windows\system32\SET82.tmp
2006-12-01 20:38:40 625152 ----a-w- c:\program files\common files\microsoft shared\vc\msdia80.dll
2006-11-27 06:22:10 -------- d-----w- c:\windows\pss
2006-11-15 06:31:27 -------- d-----w- C:\e2013d93f184e6446c0b56
2006-11-13 08:09:16 105256 ----a-w- c:\program files\common files\microsoft shared\notesync forms\VCOMCtl.dll
2006-11-13 08:09:14 84776 ----a-w- c:\program files\common files\microsoft shared\notesync forms\FormDll.dll
2006-11-13 08:09:14 76584 ----a-w- c:\program files\common files\microsoft shared\notesync forms\InkProps.dll
2006-11-13 08:08:58 47912 ----a-w- c:\program files\common files\microsoft shared\notesync forms\VoiceBar.dll
2006-11-13 08:08:52 36136 ----a-w- c:\program files\common files\microsoft shared\notesync forms\inkx.dll
2006-11-13 08:08:28 95016 ----a-w- c:\program files\common files\microsoft shared\notesync forms\InkForm.exe
2006-11-13 08:08:26 95016 ----a-w- c:\program files\common files\microsoft shared\notesync forms\VoiceFrm.exe
2006-10-27 09:40:08 44304 ----a-w- c:\program files\common files\microsoft shared\office12\MSOXEV.DLL
2006-10-26 16:11:50 59152 ----a-w- c:\program files\common files\microsoft shared\office12\MSOXMLED.EXE
2006-10-26 14:43:46 826232 ----a-w- c:\program files\common files\microsoft shared\office12\ACEWDAT.DLL
2006-10-26 14:43:44 764800 ----a-w- c:\program files\common files\microsoft shared\office12\ACECNF.DLL
2006-10-26 14:43:24 125824 ----a-w- c:\program files\common files\microsoft shared\office12\ACECNFLT.EXE
2006-10-26 14:43:20 52024 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ACEODBCI.DLL
2006-10-26 14:43:16 49536 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ACECNFRC.DLL
2006-10-26 14:43:14 35640 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ACERECR.DLL
2006-10-26 14:42:48 153424 ----a-w- c:\program files\common files\microsoft shared\translat\MSB1CORE.DLL
2006-10-26 14:42:40 87352 ----a-w- c:\program files\common files\microsoft shared\msinfo\OINFOP12.EXE
2006-10-26 14:42:28 56656 ----a-w- c:\program files\common files\microsoft shared\translat\MSB1XTOR.DLL
2006-10-26 14:42:26 40256 ----a-w- c:\program files\common files\microsoft shared\web folders\MSOSV.DLL
2006-10-26 14:42:16 18744 ----a-w- c:\program files\common files\microsoft shared\msinfo\OINFOS12.DLL
2006-10-26 14:42:06 11072 ----a-w- c:\program files\common files\microsoft shared\web folders\1033\MSOSVINT.DLL
2006-10-26 14:22:42 59736 ----a-w- c:\program files\common files\microsoft shared\office12\1033\MSEINTL.DLL
2006-10-26 14:22:40 12104 ----a-w- c:\program files\common files\microsoft shared\office12\1033\MODHLPUI.DLL
2006-10-26 14:19:44 75552 ----a-w- c:\program files\common files\microsoft shared\web folders\1033\NSEXTINT.DLL
2006-10-26 14:19:44 163104 ----a-w- c:\program files\common files\system\ole db\MSDAPML.DLL
2006-10-26 14:19:36 30512 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ODINTL.DLL
2006-10-26 14:18:12 108872 ----a-w- c:\program files\common files\microsoft shared\dw\1033\DWINTL20.DLL
2006-10-26 14:17:10 20304 ----a-w- c:\program files\common files\microsoft shared\office12\MUOPTIN.DLL
2006-10-26 13:51:52 256312 ----a-w- c:\program files\common files\microsoft shared\smart tag\MOFL.DLL
2006-10-26 13:51:52 149816 ----a-w- c:\program files\common files\microsoft shared\smart tag\FPERSON.DLL
2006-10-26 13:51:50 131896 ----a-w- c:\program files\common files\microsoft shared\smart tag\FPLACE.DLL
2006-10-26 13:51:48 82232 ----a-w- c:\program files\common files\microsoft shared\smart tag\FBIBLIO.DLL
2006-10-26 13:51:48 73016 ----a-w- c:\program files\common files\microsoft shared\smart tag\FNAME.DLL
2006-10-26 13:51:48 115512 ----a-w- c:\program files\common files\microsoft shared\smart tag\FSTOCK.DLL
2006-10-26 13:51:44 72504 ----a-w- c:\program files\common files\microsoft shared\smart tag\FDATE.DLL
2006-10-26 13:51:44 19256 ----a-w- c:\program files\common files\microsoft shared\smart tag\1033\STINTL.DLL
2006-10-26 08:40:06 33088 ----a-w- c:\windows\system32\FM20ENU.DLL
2006-10-26 08:36:22 93968 ----a-w- c:\program files\common files\microsoft shared\office12\MSOICONS.EXE
2006-10-26 08:33:08 145184 ----a-w- c:\program files\common files\microsoft shared\source engine\OSE.EXE
2006-10-26 08:28:12 14656 ----a-w- c:\program files\common files\microsoft shared\textconv\WPEQU532.DLL
2006-10-26 08:26:38 123720 ----a-w- c:\program files\common files\microsoft shared\office12\WISC30.DLL
2006-10-26 08:26:34 41288 ----a-w- c:\program files\common files\microsoft shared\office12\1033\MSSOAPR3.DLL
2006-10-26 08:15:06 31960 ----a-w- c:\program files\common files\microsoft shared\vsta\8.0\x86\VSTARemotingServer.dll
2006-10-26 08:15:06 20160 ----a-w- c:\program files\common files\microsoft shared\vsta\8.0\x86\vsta_ep32.exe
2006-10-26 08:15:02 873216 ----a-w- c:\program files\common files\microsoft shared\help\hxds.dll
2006-10-26 08:15:02 268552 ----a-w- c:\program files\common files\microsoft shared\help\msitss55.dll
2006-10-26 08:15:02 1659656 ----a-w- c:\program files\common files\microsoft shared\help\ITIRCL55.DLL
2006-10-26 08:15:00 4608 ----a-w- c:\program files\common files\microsoft shared\msenv\publicassemblies\extensibility.dll
2006-10-26 08:13:02 274432 ----a-w- c:\program files\common files\microsoft shared\ink\IACom.dll
2006-10-26 08:13:02 155488 ----a-w- c:\program files\common files\microsoft shared\ink\rtscom.dll
2006-10-26 08:11:56 91912 ----a-w- c:\program files\common files\microsoft shared\office11\1033\msxml5r.dll
2006-10-26 08:11:16 167200 ----a-w- c:\program files\common files\system\ole db\xmlrw.dll
2006-10-26 08:11:16 121120 ----a-w- c:\program files\common files\system\ole db\xmlrwbin.dll
2006-10-24 07:00:20 412160 ------w- c:\windows\system32\photometadatahandler.dll
2006-10-24 07:00:06 716288 ------w- c:\windows\system32\WindowsCodecs.dll
2006-10-24 07:00:00 276992 ------w- c:\windows\system32\WMPhoto.dll
2006-10-24 06:59:50 352256 ------w- c:\windows\system32\WindowsCodecsExt.dll
2006-10-23 22:43:55 -------- d-----w- c:\program files\Windows Desktop Search
2006-10-22 17:54:32 91768 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2006-10-20 16:00:06 1980704 ----a-w- c:\windows\system32\milcore.dll
2006-10-14 18:42:39 -------- d-----w- c:\program files\MSXML 4.0
2006-10-14 14:52:00 1676288 -c--a-w- c:\windows\system32\dllcache\xpssvcs.dll
2006-10-14 14:52:00 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2006-10-14 14:51:58 575488 -c--a-w- c:\windows\system32\dllcache\xpsshhdr.dll
2006-10-14 14:51:58 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2006-10-14 11:14:44 597504 -c--a-w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2006-10-14 11:14:44 597504 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2006-10-14 11:13:38 117760 ----a-w- c:\windows\system32\prntvpt.dll
2006-10-14 11:13:18 89088 -c--a-w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2006-10-05 05:47:18 633664 ----a-w- c:\program files\common files\microsoft shared\proof\MSTH3FR.DLL
2006-09-26 15:31:30 2113536 ----a-w- c:\program files\common files\system\ole db\MSOLAP80.DLL
2006-09-14 17:33:20 -------- d-----w- c:\program files\System Center Operations Manager 2007
2006-09-12 11:06:12 21256 ----a-w- c:\program files\common files\microsoft shared\help\1031\hxdsui.dll
2006-09-12 11:06:12 20744 ----a-w- c:\program files\common files\microsoft shared\help\3082\hxdsui.dll
2006-09-12 11:06:12 19720 ----a-w- c:\program files\common files\microsoft shared\help\1049\hxdsui.dll
2006-09-12 11:06:12 18696 ----a-w- c:\program files\common files\microsoft shared\help\1028\hxdsui.dll
2006-09-12 11:06:10 19720 ----a-w- c:\program files\common files\microsoft shared\help\1046\hxdsui.dll
2006-09-12 11:06:08 18696 ----a-w- c:\program files\common files\microsoft shared\help\1042\hxdsui.dll
2006-09-12 11:06:08 18696 ----a-w- c:\program files\common files\microsoft shared\help\1041\hxdsui.dll
2006-09-12 11:06:06 20744 ----a-w- c:\program files\common files\microsoft shared\help\1040\hxdsui.dll
2006-09-12 11:06:06 20744 ----a-w- c:\program files\common files\microsoft shared\help\1036\hxdsui.dll
2006-09-12 11:06:04 18696 ----a-w- c:\program files\common files\microsoft shared\help\2052\hxdsui.dll
2006-09-12 11:06:04 18696 ----a-w- c:\program files\common files\microsoft shared\help\1033\hxdsui.dll
2006-08-29 05:02:10 249856 ----a-w- c:\windows\system32\AdtAgent.exe
2006-08-29 04:52:26 40960 ----a-w- c:\windows\system32\AcsMsgs.dll
2006-08-24 10:45:06 150808 ----a-w- c:\windows\system32\rgb9rast_2.dll
2006-08-21 21:43:34 -------- d-----w- c:\program files\MS Review
2006-08-21 08:38:18 551232 ----a-w- c:\program files\common files\microsoft shared\proof\MSSP3FR.DLL
2006-08-11 20:24:52 348160 ----a-w- c:\program files\common files\microsoft shared\office12\vs runtime\MSVCR71.DLL
2006-08-01 08:20:00 1100560 ----a-w- c:\program files\common files\microsoft shared\proof\3082\MSGR3ES.DLL
2006-08-01 08:19:52 408336 ----a-w- c:\program files\common files\microsoft shared\proof\MSHY3FR.DLL
2006-08-01 08:19:48 68440 ----a-w- c:\program files\common files\microsoft shared\proof\MSHYPH2.DLL
2006-07-28 03:43:59 -------- d-----w- c:\program files\MSECache
2006-07-26 10:57:18 576320 ----a-w- c:\program files\common files\microsoft shared\proof\MSLID.DLL
2006-07-25 07:50:22 6317328 ----a-w- c:\program files\common files\microsoft shared\proof\1036\MSGR3FR.DLL
2006-07-24 05:20:40 47920 ----a-w- c:\windows\system32\VBAME.DLL
2006-07-24 05:20:40 39728 ----a-w- c:\windows\system32\SCP32.DLL
2006-07-24 05:20:38 125744 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2006-07-13 08:03:08 3152704 ----a-w- c:\program files\common files\microsoft shared\proof\1033\MSGR3EN.DLL
2006-07-10 04:18:30 27920 ----a-w- c:\windows\system32\drivers\ino_flpy.sys
2006-07-07 03:34:58 161296 ----a-w- c:\windows\system32\drivers\ino_fltr.sys
2006-06-10 07:42:56 82176 ----a-w- c:\windows\system32\drivers\gpccard.sys
2006-06-01 18:47:07 27648 -c----w- c:\windows\system32\dllcache\jgpl400.dll
2006-06-01 18:47:07 163840 -c----w- c:\windows\system32\dllcache\jgdw400.dll
2006-05-10 13:42:35 274288 ----a-w- c:\windows\system32\mucltui.dll
2006-05-05 09:41:45 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2006-04-24 04:05:00 854152 ----a-w- c:\program files\common files\microsoft shared\proof\MSTH3ES.DLL
2006-04-24 03:28:00 919696 ----a-w- c:\program files\common files\microsoft shared\proof\MSHY3ES.DLL
2006-04-15 06:58:58 28672 ------w- c:\windows\system32\verclsid.exe
2006-04-14 06:29:58 33792 ------w- c:\program files\internet explorer\custsat.dll
2006-04-14 06:29:58 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
2006-04-14 06:29:58 11070976 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
2006-03-30 15:22:53 -------- d-----w- c:\windows\ms
2006-03-30 14:55:55 109264 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\IPSecCheck.exe
2006-03-30 14:55:54 109264 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\IPSecCheckServer.exe
2006-03-20 08:06:08 26112 ----a-w- c:\windows\system32\idndl.dll
2006-03-20 08:06:08 23552 ----a-w- c:\windows\system32\normaliz.dll
2006-03-10 06:08:46 96960 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\SRUDiags.exe
2006-03-10 06:08:46 58624 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\ConfigureOneCare.exe
2006-02-18 00:37:13 101176 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\PatchIT.exe
2006-02-18 00:37:12 117560 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\PatchITServer.exe
2006-02-09 10:50:00 334560 ----a-w- c:\windows\system32\ccmcore.dll
2006-02-09 10:50:00 13536 ----a-w- c:\windows\ISMIF32.dll
2005-12-05 16:52:37 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2005-12-05 16:52:37 21504 ----a-w- c:\windows\system32\hidserv.dll
2005-10-07 14:03:15 -------- d-----w- c:\program files\Plaxo
2005-10-05 00:38:04 720384 ------w- C:\theme generator 1.0.msi
2005-10-04 23:41:04 -------- d-----w- c:\program files\Audio Converter
2005-09-11 07:09:42 -------- d-----w- c:\program files\Skype
2005-09-08 08:03:50 86728 ----a-w- c:\windows\system32\msxml6r.dll
2005-09-06 20:46:53 90416 ------w- c:\windows\system32\drivers\meiudf.sys
2005-09-06 20:46:53 155648 ------w- c:\windows\system32\RAMASST.exe
2005-09-06 20:46:53 135168 ------w- c:\windows\system32\DVDMenu.dll
2005-09-06 20:46:53 106496 ------w- c:\windows\system32\DVDRAMSV.exe
2005-09-06 20:46:52 -------- d-----w- c:\program files\DVD-RAM
2005-09-06 20:44:36 -------- d-----w- C:\DVDRam.temp
2005-09-06 20:43:34 -------- d-----w- c:\program files\Maxtor
2005-09-05 15:42:11 -------- d-----w- c:\program files\Visimation
2005-07-22 20:18:33 -------- d-----w- c:\program files\PRM
2005-07-19 20:45:22 25792 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr.dll
2005-07-19 20:45:21 43200 ----a-w- c:\windows\system32\lmdimon.dll
2005-07-13 16:50:35 -------- d-----w- c:\program files\Potala Software
2005-07-08 02:23:15 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
2005-07-05 19:24:58 1160904 ----a-w- c:\program files\common files\microsoft shared\web server extensions\60\bin\FPSRVUTL.DLL
2005-06-29 19:00:51 -------- d-----w- c:\windows\system32\PreInstall
2005-06-18 14:19:34 -------- d-----w- c:\program files\Yahoo!
2005-06-18 14:14:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2005-06-18 14:14:51 90624 ----a-w- c:\windows\system32\kswdmcap.ax
2005-06-18 14:14:51 61952 ----a-w- c:\windows\system32\kstvtune.ax
2005-06-18 14:14:46 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2005-06-18 14:14:46 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2005-06-18 14:14:46 43008 ----a-w- c:\windows\system32\ksxbar.ax
2005-06-18 06:48:21 53248 ----a-r- c:\windows\system32\InstMed.exe
2005-06-18 06:48:17 372736 ----a-w- c:\windows\system32\LVUI2RC.dll
2005-06-18 06:48:17 22016 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2005-06-18 06:48:17 204800 ----a-w- c:\windows\system32\LVUI2.dll
2005-06-18 06:48:17 204800 ----a-w- c:\windows\system32\LVCodec2.dll
2005-06-18 06:48:17 106496 ----a-w- c:\windows\system32\lvcoinst.dll
2005-06-18 06:48:16 348160 ----a-w- c:\windows\system\msvcr71.dll
2005-06-18 06:48:16 326656 ----a-w- c:\windows\system32\drivers\Camdrl.sys
2005-06-18 06:48:16 2180096 ----a-w- c:\windows\system32\drivers\lvsvf2.sys
2005-06-18 06:48:16 139264 ----a-w- c:\windows\system\CamExL20.dll
2005-06-18 06:46:52 724992 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iKernel.dll
2005-06-18 06:46:52 69715 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\ctor.dll
2005-06-18 06:46:52 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
2005-06-18 06:46:52 266240 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iscript.dll
2005-06-18 06:46:52 192512 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iuser.dll
2005-06-18 06:46:51 184452 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iGdi.dll
2005-06-18 06:46:50 311428 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\Setup.dll
2005-06-18 05:47:45 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2005-06-18 05:47:45 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2005-06-18 05:45:25 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2005-06-18 05:45:25 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2005-06-15 19:35:40 -------- d-----w- c:\program files\Microsoft Money 2005
2005-06-08 17:52:10 -------- d-----w- c:\program files\Microsoft Voice Command
2005-06-02 16:44:41 -------- d-----w- c:\program files\Enhanced Telephony
2005-05-26 11:19:32 215920 ----a-w- c:\windows\system32\muweb.dll
2005-05-19 21:17:53 -------- d-----w- c:\windows\system32\DRM
2005-05-18 13:29:18 203976 ----a-r- c:\windows\system32\RICHTX32.OCX
2005-05-18 13:29:16 24064 ----a-r- c:\windows\system32\msxml3a.dll
2005-05-18 13:29:11 -------- d-----w- c:\program files\swift
2005-05-09 21:59:38 1716736 ----a-w- c:\program files\messenger\Msmsgs.exe
2005-05-09 21:59:26 72704 ----a-w- c:\program files\messenger\Msgsc.dll
2005-05-09 21:59:26 196096 -c--a-w- c:\program files\messenger\msimnetc.dll
2005-05-09 21:59:24 201216 -c--a-w- c:\program files\messenger\msimmsgr.dll
2005-05-09 21:58:54 348160 ----a-w- c:\program files\messenger\msvcr71.dll
2005-05-09 21:58:54 28672 -c--a-w- c:\program files\messenger\custsat.dll
2005-05-09 21:57:50 182784 ----a-w- c:\program files\messenger\msgslang.dll
2005-05-09 21:54:34 215232 -c--a-w- c:\program files\messenger\rtcimsp.dll
2005-05-09 16:24:51 -------- d-----w- c:\program files\Microsoft
2005-05-04 07:06:32 1411816 ----a-w- c:\program files\common files\system\ole db\MSDMINE.DLL
2005-05-04 07:06:30 1071856 ----a-w- c:\program files\common files\system\ole db\MSMDGD80.DLL
2005-05-04 07:06:28 465640 ----a-w- c:\program files\common files\system\ole db\MSDMENG.DLL
2005-05-04 07:06:26 240360 ----a-w- c:\program files\common files\system\ole db\MSMDCB80.DLL
2005-05-04 07:06:26 228152 ----a-w- c:\program files\common files\system\ole db\MSOLUI80.DLL
2005-05-04 07:06:26 199408 ----a-w- c:\program files\common files\system\ole db\MSMDUN80.DLL
2005-04-24 20:27:38 5632 ----a-w- c:\windows\system32\ptpusb.dll
2005-04-24 20:27:36 159232 ----a-w- c:\windows\system32\ptpusd.dll
2005-04-24 20:27:34 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2005-04-24 20:27:34 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2005-04-22 06:26:12 362 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\CSCredH.reg
2005-04-22 06:26:12 26 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\ips5_2d.bat
2005-04-22 06:26:12 201 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\ips5_2e.bat
2005-04-22 06:26:12 142160 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\CSQFINST.EXE
2005-04-22 06:25:57 142152 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\CSPunchIt.exe
2005-04-22 06:25:57 113440 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\CSCredH.exe
2005-04-22 06:24:21 65536 ----a-w- c:\windows\system32\SMSRsGenCtl.dll
2005-04-22 06:24:21 19456 ----a-w- c:\windows\system32\SMSRsGen.dll
2005-04-19 23:29:10 -------- d-----w- c:\windows\system32\NtmsData
2005-04-19 21:11:25 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2005-04-19 21:11:25 17408 ----a-w- c:\windows\system32\drivers\gpr400.sys
2005-04-19 01:40:28 163840 ----a-w- c:\windows\system32\GemPCCardCoInstaller.dll
2005-04-15 22:23:48 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2005-04-11 16:50:05 -------- d-----w- c:\program files\ItsDeductibleEX
2005-04-11 16:48:57 110592 ----a-w- c:\windows\system32\tsccvid.dll
2005-04-11 16:48:12 -------- d-----w- c:\documents and settings\all users\application data\Intuit
2005-04-11 16:47:05 -------- d-----w- c:\program files\common files\Intuit
2005-04-11 16:45:03 -------- d-----w- c:\program files\TurboTax
2005-04-07 23:40:11 -------- d-----w- C:\WINNT
2005-04-07 23:39:33 -------- d-----w- C:\DTToys
2005-04-07 23:25:53 -------- d-----w- c:\program files\Theme Generator Smartphone
2005-04-07 21:56:55 -------- d-----w- c:\windows\system32\LogFiles
2005-04-07 21:47:51 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2005-04-07 21:47:51 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2005-04-07 21:47:51 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2005-04-07 21:47:51 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2005-04-07 16:37:06 -------- d-----w- c:\documents and settings\all users\SmsDm
2005-04-07 04:31:23 33142 -c--a-w- c:\windows\system32\dllcache\cmbp0wdm.sys
2005-04-07 04:31:23 33142 ----a-w- c:\windows\system32\drivers\cmbp0wdm.sys
2005-04-06 18:49:26 -------- d-----r- C:\Favorites
2005-04-06 09:50:02 469984 ----a-w- c:\windows\system32\RmActivate.exe
2005-04-06 09:50:02 467424 ----a-w- c:\windows\system32\RmActivate_isv.exe
2005-04-06 09:50:02 442336 ----a-w- c:\windows\system32\SecProc.dll
2005-04-06 09:50:02 429024 ----a-w- c:\windows\system32\SecProc_isv.dll
2005-04-06 09:50:02 355808 ----a-w- c:\windows\system32\RmActivate_ssp_isv.exe
2005-04-06 09:50:02 351712 ----a-w- c:\windows\system32\RmActivate_ssp.exe
2005-04-06 09:50:00 268768 ----a-w- c:\windows\system32\msdrm.dll
2005-04-06 09:50:00 191456 ----a-w- c:\windows\system32\SecProc_ssp_isv.dll
2005-04-06 09:50:00 191456 ----a-w- c:\windows\system32\SecProc_ssp.dll
2005-04-06 00:45:47 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2005-04-06 00:37:13 -------- d-----w- c:\program files\IT Connection Manager
2005-04-06 00:36:23 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2005-04-06 00:36:22 43008 --s-a-w- c:\windows\system32\pintool.exe
2005-04-06 00:13:32 221184 ----a-w- c:\windows\system32\wmpns.dll
2005-03-25 23:49:20 695488 ----a-w- c:\program files\common files\microsoft shared\web server extensions\60\bin\FPWEL.DLL
2005-03-25 23:49:06 800960 ----a-w- c:\program files\common files\microsoft shared\web server extensions\60\bin\FPWEC.DLL
2005-03-24 23:59:20 127366 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\RASPatch.vbe
2005-02-16 12:50:02 100864 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\cm_info.exe
2005-02-09 02:18:54 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2005-02-09 02:18:54 4992 ----a-w- c:\windows\system32\drivers\toside.sys
2005-02-09 02:17:02 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2005-02-09 02:17:02 5376 ----a-w- c:\windows\system32\drivers\viaide.sys
2005-02-09 02:13:00 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2005-02-09 02:13:00 6656 ----a-w- c:\windows\system32\drivers\cmdide.sys
2005-02-09 02:11:59 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2005-02-09 02:11:59 5248 ----a-w- c:\windows\system32\drivers\aliide.sys
2005-02-09 02:07:49 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2005-02-09 02:07:49 36736 ----a-w- c:\windows\system32\drivers\ultra.sys
2005-02-09 02:06:40 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2005-02-09 02:06:40 16000 ----a-w- c:\windows\system32\drivers\ini910u.sys
2005-02-09 02:06:35 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2005-02-09 02:06:35 12032 ----a-w- c:\windows\system32\drivers\amsint.sys
2005-02-09 02:06:32 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2005-02-09 02:06:32 23552 ----a-w- c:\windows\system32\drivers\ABP480N5.SYS
2005-02-09 02:06:29 22400 -c--a-w- c:\windows\system32\dllcache\asc3350p.sys
2005-02-09 02:06:29 22400 ----a-w- c:\windows\system32\drivers\asc3350p.sys
2005-02-09 02:06:18 26496 -c--a-w- c:\windows\system32\dllcache\asc.sys
2005-02-09 02:06:18 26496 ----a-w- c:\windows\system32\drivers\asc.sys
2005-02-09 02:06:15 14848 -c--a-w- c:\windows\system32\dllcache\asc3550.sys
2005-02-09 02:06:15 14848 ----a-w- c:\windows\system32\drivers\asc3550.sys
2005-02-09 02:05:35 14720 -c--a-w- c:\windows\system32\dllcache\dac960nt.sys
2005-02-09 02:05:35 14720 ----a-w- c:\windows\system32\drivers\dac960nt.sys
2005-02-09 02:04:58 179584 -c--a-w- c:\windows\system32\dllcache\dac2w2k.sys
2005-02-09 02:04:58 179584 ----a-w- c:\windows\system32\drivers\dac2w2k.sys
2005-02-09 02:04:01 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
2005-02-09 02:04:01 7680 ----a-w- c:\windows\system32\drivers\cd20xrnt.sys
2005-02-09 01:59:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2005-02-09 01:59:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2005-02-09 01:58:56 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2005-02-09 01:58:56 18560 ----a-w- c:\windows\system32\drivers\i2omp.sys
2005-02-09 01:58:07 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2005-02-09 01:58:07 45312 ----a-w- c:\windows\system32\drivers\ql12160.sys
2005-02-09 01:57:34 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2005-02-09 01:57:34 49024 ----a-w- c:\windows\system32\drivers\ql1280.sys
2005-02-09 01:57:17 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2005-02-09 01:57:17 40448 ----a-w- c:\windows\system32\drivers\ql1240.sys
2005-02-09 01:57:01 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2005-02-09 01:57:01 40320 ----a-w- c:\windows\system32\drivers\ql1080.sys
2005-02-09 01:56:44 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2005-02-09 01:56:44 33152 ----a-w- c:\windows\system32\drivers\ql10wnt.sys
2005-02-09 01:54:42 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2005-02-09 01:54:42 16256 ----a-w- c:\windows\system32\drivers\symc810.sys
2005-02-09 01:54:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2005-02-09 01:54:07 30688 ----a-w- c:\windows\system32\drivers\sym_u3.sys
2005-02-09 01:52:39 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2005-02-09 01:52:39 32640 ----a-w- c:\windows\system32\drivers\symc8xx.sys
2005-02-09 01:50:53 25952 -c--a-w- c:\windows\system32\dllcache\hpn.sys
2005-02-09 01:50:53 25952 ----a-w- c:\windows\system32\drivers\hpn.sys
2005-02-09 01:49:44 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2005-02-09 01:49:44 5504 ----a-w- c:\windows\system32\drivers\perc2hib.sys
2005-02-09 01:48:56 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys
2005-02-09 01:48:56 27296 ----a-w- c:\windows\system32\drivers\perc2.sys
2005-02-09 01:46:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2005-02-09 01:46:52 17280 ----a-w- c:\windows\system32\drivers\mraid35x.sys
2005-02-09 01:46:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2005-02-09 01:46:07 28384 ----a-w- c:\windows\system32\drivers\sym_hi.sys
2005-02-09 01:46:01 14976 -c--a-w- c:\windows\system32\dllcache\cpqarray.sys
2005-02-09 01:46:01 14976 ----a-w- c:\windows\system32\drivers\cpqarray.sys
2005-02-09 01:43:16 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
2005-02-09 01:43:16 20192 ----a-w- c:\windows\system32\drivers\dpti2o.sys
2005-02-09 01:42:24 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2005-02-09 01:42:24 56960 ----a-w- c:\windows\system32\drivers\aic78xx.sys
2005-02-09 01:42:14 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2005-02-09 01:42:14 55168 ----a-w- c:\windows\system32\drivers\aic78u2.sys
2005-02-09 01:41:57 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2005-02-09 01:41:57 101888 ----a-w- c:\windows\system32\drivers\adpu160m.sys
2005-02-09 01:38:03 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2005-02-09 01:38:03 19072 ----a-w- c:\windows\system32\drivers\sparrow.sys
2005-02-09 01:37:53 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2005-02-09 01:37:53 12800 ----a-w- c:\windows\system32\drivers\aha154x.sys
2005-02-09 01:36:35 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2005-02-09 01:36:35 42240 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS
2005-02-09 01:30:53 41088 -c--a-w- c:\windows\system32\dllcache\sisagp.sys
2005-02-09 01:30:53 41088 ----a-w- c:\windows\system32\drivers\SISAGP.SYS
2005-02-09 01:30:08 44928 -c--a-w- c:\windows\system32\dllcache\agpcpq.sys
2005-02-09 01:30:08 44928 ----a-w- c:\windows\system32\drivers\AGPCPQ.SYS
2005-02-09 01:15:54 43008 -c--a-w- c:\windows\system32\dllcache\amdagp.sys
2005-02-09 01:15:54 43008 ----a-w- c:\windows\system32\drivers\AMDAGP.SYS
2005-02-09 01:15:43 42752 -c--a-w- c:\windows\system32\dllcache\alim1541.sys
2005-02-09 01:15:43 42752 ----a-w- c:\windows\system32\drivers\ALIM1541.SYS
2005-02-09 01:09:16 352768 ----a-w- c:\windows\system32\MSDRMClient.msi
2005-02-08 22:25:03 -------- d-----w- c:\program files\OfficeUpdate11
2005-02-08 21:31:53 28726 ----a-w- c:\windows\system32\ismifcom.dll
2005-02-08 21:15:11 -------- d-----w- c:\program files\Windows Media Connect
2005-02-08 21:15:03 -------- d-----w- c:\program files\HighMAT CD Writing Wizard
2005-02-08 21:14:59 -------- d-----w- c:\windows\Downloaded Installations
2005-02-08 20:57:21 35552 -c--a-w- c:\windows\system32\dllcache\wups.dll
2005-02-08 20:57:18 575704 -c--a-w- c:\windows\system32\dllcache\wuapi.dll
2005-02-08 20:57:18 -------- d-----w- c:\windows\system32\SoftwareDistribution
2005-02-08 20:46:44 -------- d-sh--w- c:\documents and settings\administrator\UserData
2005-02-08 20:29:30 -------- d-----w- c:\windows\system32\VPCache
2005-02-08 08:48:59 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2005-02-08 08:48:59 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2005-02-08 08:43:32 53248 ----a-w- c:\windows\system32\Prounstl.exe
2005-02-08 08:43:32 23040 ----a-w- c:\windows\system32\IntelNic.dll
2005-02-08 08:43:32 16384 ----a-w- c:\windows\system32\e100bmsg.dll
2005-02-08 08:42:47 17232 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2005-02-08 08:41:14 -------- d-----w- c:\program files\InterVideo
2005-02-08 08:35:34 12032 ----a-w- c:\windows\system32\drivers\Netdevio.sys
2005-02-08 08:35:30 696320 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2005-02-08 08:35:30 57344 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2005-02-08 08:35:30 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2005-02-08 08:35:30 237568 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2005-02-08 08:35:30 155648 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2005-02-08 08:35:29 282756 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2005-02-08 08:35:29 163972 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2005-02-08 08:35:01 -------- d-----w- c:\windows\system32\SDA
2005-02-08 08:34:22 53248 ----a-w- c:\windows\system32\TSigGina.dll
2005-02-08 08:34:22 131072 ----a-w- c:\windows\system32\TosSig.dll
2005-02-08 08:34:22 1302528 ----a-w- c:\windows\system32\TSigReco.dll
2005-02-08 08:31:57 372224 -c--a-w- c:\windows\IsUn0411.exe
2005-02-08 08:30:45 135168 -c--a-w- c:\windows\svae_unst.exe
2005-02-08 08:30:09 5888 ----a-w- c:\windows\system32\drivers\TMEI3E.sys
2005-02-08 08:30:09 49152 ----a-w- c:\windows\TMEVALDD.dll
2005-02-08 08:30:09 208896 ----a-w- c:\windows\system32\tmeprop.cpl
2005-02-08 08:28:01 520192 ----a-w- c:\windows\system32\HWSETUP.CPL
2005-02-08 08:28:01 36864 ----a-w- c:\windows\system32\tcleanup.exe
2005-02-08 08:28:01 24576 ----a-w- c:\windows\system32\TSCIEX.DLL
2005-02-08 08:28:01 184320 ----a-w- c:\windows\system32\TSCCALL.DLL
2005-02-08 08:28:01 135168 ----a-w- c:\windows\system32\TSDTOKEN.DLL
2005-02-08 08:28:01 126976 ----a-w- c:\windows\system32\tutildel.exe
2005-02-08 08:26:20 40960 ----a-w- c:\windows\system32\SetRot.exe
2005-02-08 08:23:27 262144 ----a-w- c:\windows\system32\SMBIOS.ocx
2005-02-08 08:23:02 6867 ----a-w- c:\windows\system32\drivers\tbiosdrv.sys
2005-02-08 08:23:02 1273856 -c--a-w- c:\windows\InstDrvr.exe
2005-02-08 08:21:09 53248 ----a-w- c:\windows\system32\TPwrCfg.dll
2005-02-08 08:21:09 45056 ----a-w- c:\windows\system32\TPSAddin.dll
2005-02-08 08:21:09 1257472 ----a-w- c:\windows\system32\TPwrSave.cpl
2005-02-08 08:21:08 90112 ----a-w- c:\windows\system32\CpuPerf.dll
2005-02-08 08:21:08 81920 ----a-w- c:\windows\system32\TPwrReg.dll
2005-02-08 08:21:08 53248 ----a-w- c:\windows\system32\TPSTrace.dll
2005-02-08 08:21:08 53248 ----a-w- c:\windows\system32\TPSDel.dll
2005-02-08 08:21:08 45056 ----a-w- c:\windows\system32\TPSMainCtl.dll
2005-02-08 08:21:08 45056 ----a-w- c:\windows\system32\TPSBattM.exe
2005-02-08 08:21:08 32768 ----a-w- c:\windows\system32\TPeculiarity.dll
2005-02-08 08:21:08 278528 ----a-w- c:\windows\system32\TPSMain.exe
2005-02-08 08:19:48 -------- d-----w- c:\documents and settings\administrator\WINDOWS
2005-02-08 08:19:33 892928 -c--a-w- c:\windows\tabtsb.dll
2005-02-08 08:19:22 8832 ----a-w- c:\windows\system32\drivers\TBtnKey.sys
2005-02-08 08:17:15 36864 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2005-02-08 08:17:14 172032 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2005-02-08 08:17:12 98304 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2005-02-08 08:14:16 9216 ----a-w- c:\windows\system32\drivers\TVALZ.SYS
2005-02-08 08:14:16 53248 ----a-w- c:\windows\system32\InsSecRc.scr
2005-02-08 08:14:16 53248 ----a-w- c:\windows\system32\InsSec.scr
2005-02-08 08:14:16 49152 ----a-w- c:\windows\system32\BrigthDL.dll
2005-02-08 08:14:16 40960 ----a-w- c:\windows\system32\Thkemrun.exe
2005-02-08 08:14:16 32768 ----a-w- c:\windows\system32\TWarnMsg.exe
2005-02-08 08:14:16 258048 ----a-w- c:\windows\system32\00THotkey.exe
2005-02-08 08:14:16 24576 ----a-w- c:\windows\system32\Tsci.dll
2005-02-08 08:14:16 24576 ----a-w- c:\windows\system32\Thci.dll
2005-02-08 08:14:16 24576 ----a-w- c:\windows\system32\000StTHK.exe
2005-02-08 08:14:15 -------- d-----w- c:\program files\Toshiba
2005-02-08 08:12:23 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2005-02-08 08:12:05 -------- d-----w- c:\documents and settings\administrator\local settings\application data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
2005-02-08 08:11:19 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2005-02-08 08:11:19 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2005-02-08 08:11:11 27136 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2005-02-08 08:11:11 27136 ----a-w- c:\windows\system32\irmon.dll
2005-02-08 08:11:10 87424 -c--a-w- c:\windows\system32\dllcache\irda.sys
2005-02-08 08:11:10 87424 ----a-w- c:\windows\system32\drivers\irda.sys
2005-02-08 08:11:10 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2005-02-08 08:11:10 152576 ----a-w- c:\windows\system32\irftp.exe
2005-02-08 08:11:09 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2005-02-08 08:11:09 8192 ----a-w- c:\windows\system32\wshirda.dll
2005-02-08 08:11:06 38425 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2005-02-08 08:11:06 38425 ----a-w- c:\windows\system32\drivers\smcirda.sys
2005-02-08 08:10:44 99577 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2005-02-08 08:10:44 81739 ----a-w- c:\windows\system32\Vxdif.dll
2005-02-08 08:10:44 -------- d-----w- c:\program files\Apoint2K
2005-02-08 08:10:41 212992 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2005-02-08 08:10:32 88363 ----a-w- c:\windows\agrsmmsg.exe
2005-02-08 08:10:32 77824 ----a-w- c:\windows\system32\tosmreg.exe
2005-02-08 08:10:32 45056 ----a-w- c:\windows\system32\csellang.dll
2005-02-08 08:10:32 130048 -c--a-w- c:\windows\agrsmdel.exe
2005-02-08 08:10:32 110592 ----a-w- c:\windows\system32\cselect.exe
2005-02-08 08:10:32 -------- d-----w- c:\program files\ltmoh
2005-02-08 08:10:14 -------- d-----w- c:\windows\Options
2005-02-08 08:08:11 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2005-02-08 08:07:45 991232 ----a-w- c:\windows\system32\W22MLRES.DLL
2005-02-08 08:07:15 991232 ----a-w- c:\windows\system32\W70MLRES.DLL
2005-02-08 08:07:15 970752 ----a-w- c:\windows\system32\W20MLRES.DLL
2005-02-08 08:05:58 7552 -c--a-w- c:\windows\system32\dllcache\mskssrv.sys
2005-02-08 08:04:02 -------- d-----w- c:\windows\nview
2005-02-08 08:00:34 -------- d-----w- c:\windows\system32\ReinstallBackups
2005-02-08 08:00:23 225280 -c--a-w- c:\program files\common files\installshield\iscript\IScript.dll
2005-02-08 08:00:22 77824 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2005-02-08 08:00:22 32768 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2005-02-08 08:00:22 176128 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2005-02-08 08:00:21 692356 -c----w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2005-02-08 07:58:22 173 -c--a-w- c:\windows\CBCDDEL.BAT
2005-02-08 07:58:22 105 -c--a-w- c:\windows\BVER.BAT
.
==================== Find3M ====================
.
2011-03-26 05:07:12 107776 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys
2011-03-26 05:07:12 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-03-26 05:07:12 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-03-26 05:07:12 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:35 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-02-24 12:31:30 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19:55 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39:04 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01:43 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 15:08:04 683520 ----a-w- c:\windows\system32\inetcomm.dll
2010-01-29 14:43:39 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-29 14:43:39 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-01-13 14:10:54 85504 ----a-w- c:\windows\system32\cabview.dll
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-24 07:05:26 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:33:35 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:33:35 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:37:27 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:37:27 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37:27 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37:27 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37:27 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 16:36:13 470528 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 17:21:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-15 17:21:47 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:45:12 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 14:32:11 282654 ----a-w- c:\windows\system32\msaud32.acm
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:47:14 352256 ----a-w- c:\windows\system32\winhttp.dll
2009-08-14 12:19:41 1850112 ----a-w- c:\windows\system32\win32k.sys
2009-08-06 13:54:10 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 04:57:32 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 18:55:28 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:27:47 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-13 04:38:14 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 18:36:08 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36:08 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36:08 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36:08 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36:08 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36:08 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36:08 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36:08 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36:08 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36:08 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36:08 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36:08 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44:41 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44:41 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44:41 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44:41 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44:41 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-22 11:49:23 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49:23 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49:04 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48:44 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34:52 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 11:50:54 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50:53 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 06:32:40 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42:37 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-05-07 15:44:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-15 15:11:19 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 19:31:38 413032 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-07 23:05:10 385024 ----a-w- c:\windows\system32\html.iec
2009-03-07 23:04:30 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-07 23:03:40 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-07 23:02:56 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-07 23:02:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-07 23:01:38 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-07 23:01:18 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-07 23:01:02 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-07 23:01:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-03-07 23:00:56 66560 ----a-w- c:\windows\system32\tdc.ocx
2009-03-07 22:52:38 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:44:35 283648 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 10:20:34 399360 ----a-w- c:\windows\system32\rpcss.dll
2009-02-09 10:20:33 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-02-09 10:20:33 616960 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 10:20:33 473088 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 10:20:32 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-06 17:14:03 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 16:54:36 35328 ----a-w- c:\windows\system32\sc.exe
2009-02-06 16:39:29 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2008-10-23 13:01:36 283648 ----a-w- c:\windows\system32\gdi32.dll
2008-08-14 09:51:43 138368 ----a-w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:32:22 253952 ----a-w- c:\windows\system32\es.dll
.
============= FINISH: 23:39:50.98 ===============







PS: I have also attached the log files in case you need them.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.

Last edited by FlourishDNA; 30-May-2012 at 06:35 PM.. Reason: attaching files
mambass mambass is offline mambass is authorized to help remove malware.
Malware Removal Specialist with 141 posts.
 
Join Date: Apr 2008
Experience: Advanced
30-May-2012, 08:44 PM #7
Hi FlourishDNA,

Per the instructions here, please upload as an attachment the Attach.txt log that was also produced by DDS. It should be in the same directory as DDS, which should be on your Desktop per the instructions provided.

Is there a reason that your system clock has today's date set as January 6, 2000? If not, please set it to the correct date.

mambass
FlourishDNA FlourishDNA is offline
Member with 14 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
31-May-2012, 01:41 AM #8
Hi mambass,

The date is wrong because the virus won't allow me to adjust the time. When I click "Adjust Date/Time" a small window flickers for a second and closes automatically. I have attached the file you requested.

Thanks
mambass mambass is offline mambass is authorized to help remove malware.
Malware Removal Specialist with 141 posts.
 
Join Date: Apr 2008
Experience: Advanced
31-May-2012, 09:28 PM #9
Hi FlourishDNA,
  1. MGADiag
    1. Click here to download MGADiag.exe from Microsoft and save it to your Desktop.
    2. Double-click on MGADiag.exe to run it.
    3. Click Continue. The program will run. It takes a while to finish the diagnosis, please be patient.
    4. Click the Copy button once the scan is done.
    5. Open Notepad and paste the contents in its window.
    6. Save this file and post it in your next reply.

  2. CKScanner
    1. Click here to download CKScanner © askey127 and save to your Desktop.
    2. Double-click on CKScanner.exe and then click Search For Files.
      Note: It's important that you run this program only one time.
    3. Click Save List To File after a very short time when the cursor hourglass disappears.
    4. Click OK when prompted.
    5. Post the contents of file ckfiles.txt on your Desktop in your reply.

  3. WVCheck
    1. Click here to download WVCheck.exe and save it to your Desktop.
    2. Double-click WVCheck.exe to run the program.
    3. Read the comments on the screen and then press Enter.
      The scan can take a while, depending on the size of your hard drive.
    4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
    5. Please copy and paste the contents of the Notepad scan report in your next reply.

  4. Run a Scan with OTL
    1. Click here to download OTL.exe by Old Timer and save it to your Desktop.
    2. Double-click the OTL icon on your Desktop to run the program.
    3. Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    4. Make sure all other windows are closed so that it can run uninterrupted.
    5. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    6. When the scan completes, it will open two notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL. (desktop)
    7. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

  5. Download and run Panda USB Vaccine
    Notes:
    • This step will download a program that can vaccinate a USB drive by creating a protected autorun.inf file in the drive's root directory. Once that file has been created, the only way to remove the file will be to reformat the USB drive. Whereas that may be fine for drives that you own, you might want to get permission before vaccinating someone else's USB drive.
    • To avoid vaccinating a USB drive that has not been vaccinated, do not click the Vaccinate USB button in the Panda window but rather just click the Close button.
    • To protect your system from a potentially infected USB drive, holding down the shift key while inserting the drive will keep any existing autorun.inf on the drive from executing.
    1. While holding down the Ctrl key, click here to display the Panda USB Vaccine download page in another tab.
    2. Click the Download Now (CNET Secure Download) button to download USBVaccineSetup.exe and save it to your Desktop.
    3. Right-click on the USBVaccineSetup.exe icon and select Run as Administrator to begin the installation.
    4. Accept the EULA and all of the defaults. Panda USB Vaccine should run at the end of the installation.
    5. For each USB drive you would like to vaccinate:
      1. While holding down the Shift key, insert the USB drive.
      2. Panda will recognize that a USB drive has been inserted and will display a USB Key Vaccination window.
      3. Click the Vaccinate USB button.
      4. Once the "This USB Key is now vaccinated" status is displayed, click the Close button.
    6. You can delete USBVaccineSetup.exe on your Desktop.

  6. aswMBR
    1. Click here to download aswMBR.exe and save it to your Desktop.
    2. Double-click the aswMBR.exe icon to run it.
    3. Click Yes if prompted to download Avast! virus definitions. This may take a while so please be patient.
    4. Set the AVscan to Quick Scan and then click the Scan button. The scan may take a while so please be patient.
    5. After the "Scan finished successfully" message is displayed, click Save log & save the log to your desktop.
    6. Click OK. Two files will be created, aswMBR.txt & a file named MBR.dat
    7. Save MBR.dat to a USB flash drive. This is a backup of your MBR (Master Boot record). Do not delete this file.
    8. NOTE: Do not click to fix anything at this stage!
    9. Click EXIT.
    10. Copy & Paste the contents of aswMBR.txt into your next reply.


Please include in your reply (use separate posts if more convenient):
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the MGADiag log.
  3. The contents of the CKScanner log.
  4. The contents of the WVCheck log.
  5. The contents of the OTL.txt and Extras.txt logs.
  6. The contents of the aswMBR.txt log.


mambass
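Added example, not part of mambass's post and not Panda's code: a read-only audit of a drive root for the autorun.inf launch entries and root-level executables this thread is about. The autorun.inf contents and the function names are constructed for illustration; Photos.exe and songs.exe are file names reported in the thread.

```python
import os
import tempfile

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")
# Extensions treated as directly executable on Windows (assumed list).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}


def parse_autorun(text):
    """Return the launch commands found in the [autorun] section."""
    commands, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            k = key.lower()
            # shell\<verb>\command entries add context-menu launchers.
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                commands[k] = value
    return commands


def audit_drive_root(root):
    """Inspect only the top level of `root`; nothing is executed or modified."""
    report = {"autorun": "absent", "commands": {}, "root_executables": []}
    for name in os.listdir(root):
        full = os.path.join(root, name)
        if name.lower() == "autorun.inf":
            if os.path.isdir(full):
                # A directory with this name cannot carry launch commands.
                report["autorun"] = "directory"
            else:
                report["autorun"] = "file"
                with open(full, "r", encoding="latin-1") as fh:
                    report["commands"] = parse_autorun(fh.read())
        elif os.path.isfile(full) and os.path.splitext(name)[1].lower() in EXEC_EXTS:
            report["root_executables"].append(name)
    report["root_executables"].sort()
    report["suspicious"] = bool(report["commands"]) or bool(report["root_executables"])
    return report


def build_sample_root(root):
    """Create a constructed drive root for the demo (file contents are dummies)."""
    for name in ("Photos.exe", "songs.exe", "notes.txt"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("placeholder")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=Photos.exe\n"
                 "shell\\open\\command=Photos.exe\nicon=folder.ico\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_root(tmp)
        for key, value in audit_drive_root(tmp).items():
            print(f"{key}: {value}")
```

Point `audit_drive_root` at the mounted drive's root from a machine that is known to be clean, since the listing is only as trustworthy as the system producing it.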
FlourishDNA FlourishDNA is offline
Member with 14 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
01-Jun-2012, 04:15 AM #10
Here you go...


::::::::::::::::::::::::::::::::::::::::::::::::::: MGADiag :::::::::::::::::::::::::::::::::::::::::::::::::::

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-6VRQQ-7XR6D-8J268
Windows Product Key Hash: eYIq81QoQ+KvuTvzJ7GjYxzQsqw=
Windows Product ID: 76487-095-0205716-22598
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 5.1.2600.2.00010100.2.0.tab
ID: {CCBE4E28-835A-4F4B-A94A-3A18BAA245A3}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.5.723.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005_78155E4D-232-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CCBE4E28-835A-4F4B-A94A-3A18BAA245A3}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.tab</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-8J268</PKey><PID>76487-095-0205716-22598</PID><PIDType>5</PIDType><SID>S-1-5-21-4070297603-538264583-3767469655</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>PORTEGE M200</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>Version 1.10</Version><SMBIOSVersion major="2" minor="3"/><Date>20031031000000.000000+000</Date></BIOS><HWID>81990300018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>2724689EE81F586</Val><Hash>UKU6I8j9l2ahEw78dZ20zsY5tHQ=</Hash><Pid>89388-707-0000034-65693</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 7AF7:Semp Toshiba Informatica Ltda|7AF7:TOSHIBA CORPORATION
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A


::::::::::::::::::::::::::::::::::::::::::::::::::: CKScanner :::::::::::::::::::::::::::::::::::::::::::::::::::

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.JPAPTE
----- EOF -----


::::::::::::::::::::::::::::::::::::::::::::::::::: WVCheck :::::::::::::::::::::::::::::::::::::::::::::::::::
Windows Validation Check
Version: 1.9.12.5
Log Created On: 1229_08-01-2000
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 2
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2010-10-13 14:40:29
Last Success Time for Update Download: 2010-05-23 06:47:15
Last Success Time for Update Installation: 2000-12-18 02:31:05


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b409909f6e2e8a7067076ed748abf1e7


-------- End of File, program close at 1232_08-01-2000 --------

Last edited by FlourishDNA; 01-Jun-2012 at 04:21 AM..
FlourishDNA FlourishDNA is offline
Member with 14 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
01-Jun-2012, 04:29 AM #11
Hi,

I was not able to copy and paste the OTL log so I am attaching it in this reply.

Thanks
FlourishDNA FlourishDNA is offline
Member with 14 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
01-Jun-2012, 04:30 AM #12
::::::::::::::::::::::::::::::::::::::::::::::::::: aswMBR :::::::::::::::::::::::::::::::::::::::::::::::::::



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2000-01-08 15:19:32
-----------------------------
15:19:32.944 OS Version: Windows 5.1.2600 Service Pack 2
15:19:32.954 Number of processors: 1 586 0x905
15:19:32.954 ComputerName: AMARESHR2 UserName:
15:19:35.127 Initialize success
15:33:38.760 AVAST engine defs: 12053101
15:38:44.150 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:38:44.150 Disk 0 Vendor: HTS726060M9AT00 MH4OA68A Size: 57231MB BusType: 3
15:38:44.160 Disk 0 MBR read successfully
15:38:44.160 Disk 0 MBR scan
15:38:44.240 Disk 0 Windows XP default MBR code
15:38:44.240 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
15:38:44.260 Disk 0 scanning sectors +117194175
15:38:44.380 Disk 0 scanning C:\WINDOWS\system32\drivers
15:39:11.068 Service scanning
15:39:29.555 Service Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe **INFECTED** Win32:Sality
15:39:45.348 Service Tmesrv C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe **INFECTED** Win32:Sality
15:39:49.554 Service WmcCdsLs C:\Program Files\Windows Media Connect\mswmcls.exe **INFECTED** Win32:Sality
15:39:52.428 Modules scanning
15:40:09.512 Disk 0 trace - called modules:
15:40:09.542 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
15:40:09.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3aa030]
15:40:09.542 3 CLASSPNP.SYS[f76b805b] -> nt!IofCallDriver -> \Device\000000a5[0x8a33e9e8]
15:40:09.542 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a33ed98]
15:40:11.535 AVAST engine scan C:\WINDOWS
15:40:13.738 File: C:\WINDOWS\agrsmdel.exe **INFECTED** Win32:Sality
15:40:16.733 File: C:\WINDOWS\InstDrvr.exe **INFECTED** Win32:Sality
15:40:17.033 File: C:\WINDOWS\IsUn0411.exe **INFECTED** Win32:Sality
15:40:17.283 File: C:\WINDOWS\IsUninst.exe **INFECTED** Win32:Sality
15:40:24.854 File: C:\WINDOWS\MXOALDR.EXE **INFECTED** Win32:Sality
15:40:26.787 File: C:\WINDOWS\songs.exe **INFECTED** Win32:Malware-gen
15:40:27.007 File: C:\WINDOWS\svae_unst.exe **INFECTED** Win32:Sality
15:40:27.298 File: C:\WINDOWS\SYSTEMIL.EXE **INFECTED** Win32:VB-HJN [Wrm]
15:40:32.055 AVAST engine scan C:\WINDOWS\system32
15:42:34.491 File: C:\WINDOWS\system32\LVCOMSX.EXE **INFECTED** Win32:Sality
15:45:10.796 File: C:\WINDOWS\system32\SVCHOST32.EXE **INFECTED** Win32:Sality
15:45:57.292 File: C:\WINDOWS\system32\WindowsXP-KB824133-x86-ENU.exe **INFECTED** Win32:Sality
15:46:33.545 File: C:\WINDOWS\system32\XP-1718E4C3.EXE **INFECTED** Win32:AutoRun-BHJ [Wrm]
15:51:34.227 AVAST engine scan C:\WINDOWS\system32\drivers
15:52:08.737 AVAST engine scan C:\Documents and Settings\Administrator
15:52:21.084 File: C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe **INFECTED** Win32:Sality
15:52:46.361 File: C:\Documents and Settings\Administrator\Desktop\My Files\Images\Games.exe **INFECTED** Win32:VB-HJN [Wrm]
15:52:48.744 File: C:\Documents and Settings\Administrator\Desktop\My Files\Images\Photos.exe **INFECTED** Win32:VB-HJN [Wrm]
15:52:50.807 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Audio.exe **INFECTED** Win32:AutoRun-BHJ [Wrm]
15:52:51.849 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Ebook\Images.exe **INFECTED** Win32:AutoRun-BHJ [Wrm]
15:52:52.029 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Games.exe **INFECTED** Win32:VB-HJN [Wrm]
15:52:54.132 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\My Videos.exe **INFECTED** Win32:AutoRun-BHJ [Wrm]
15:52:56.776 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Photos.exe **INFECTED** Win32:VB-HJN [Wrm]
15:52:56.956 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Pictures.exe **INFECTED** Win32:VB-HJN [Wrm]
15:52:58.087 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Received.exe **INFECTED** Win32:AutoRun-BHJ [Wrm]
15:52:58.218 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\songs.exe **INFECTED** Win32:Malware-gen
15:54:08.519 File: C:\Documents and Settings\Administrator\Desktop\OTL.exe **INFECTED** Win32:Sality
15:54:12.114 File: C:\Documents and Settings\Administrator\Desktop\WVCheck.exe **INFECTED** Win32:Sality
15:54:25.513 File: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\G1JKAC6D.W7R\0B0KTNLQ.0AW\clic...exe_9a8dfcd080ccb114_000 1.0002_none_19406a39b53cc9ad\GoogleUpdateSetup.exe **INFECTED** Win32:Sality
15:54:26.194 File: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\G1JKAC6D.W7R\0B0KTNLQ.0AW\goog...app_9a8dfcd080ccb114_000 1.0002_7140c0fbcca31fb8\GoogleUpdateSetup.exe **INFECTED** Win32:Sality
15:54:28.868 File: C:\Documents and Settings\Administrator\Local Settings\Temp\set1CE.tmp **INFECTED** Win32:Sality
15:55:19.791 AVAST engine scan C:\Documents and Settings\All Users
15:55:22.675 File: C:\Documents and Settings\All Users\Application Data\DatacardService\Temp\Tata Photon+\Setup.exe **INFECTED** Win32:Sality
15:55:30.967 File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CertRequest.exe **INFECTED** Win32:Sality
15:55:32.149 File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSCredH.exe **INFECTED** Win32:Sality
15:55:33.251 File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSIPSec.exe **INFECTED** Win32:Sality
15:55:33.561 File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSPunchIt.exe **INFECTED** Win32:Sality
15:55:33.902 File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSQFINST.EXE **INFECTED** Win32:Sality
15:57:22.598 File: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SYSTEMIL2.EXE **INFECTED** Win32:VB-HJN [Wrm]
15:57:24.010 Scan finished successfully
15:58:11.678 Disk 0 MBR has been saved successfully to "D:\Logs\MBR.dat"
15:58:11.698 The log file has been saved successfully to "D:\Logs\aswMBR.txt"
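Added example, not part of the original post and not an AVAST tool: a small parser for the aswMBR log format shown above that groups `**INFECTED**` lines by detection name and tags service binaries, Startup-folder entries and flagged scan tools. The sample lines are a constructed excerpt in the same format; the tag names and the `SCAN_TOOLS` list are assumptions made for this example.

```python
import re
from collections import Counter
from typing import NamedTuple


class Finding(NamedTuple):
    time: str
    kind: str       # "service" or "file"
    service: str    # service name, empty for plain files
    path: str
    detection: str
    tags: tuple


LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<kind>Service|File:)\s+"
    r"(?P<body>.+?)\s+\*\*INFECTED\*\*\s+(?P<det>.+?)\s*$"
)
DRIVE_RE = re.compile(r"[A-Za-z]:\\")

# Assumption: diagnostic tools used in this thread; a detection on one of them
# means the reports it produced on this machine deserve less trust.
SCAN_TOOLS = {"otl.exe", "wvcheck.exe", "hijackthis.exe"}

# Constructed sample in the aswMBR format shown in the post above.
SAMPLE_LOG = r"""
15:38:44.240 Disk 0 Windows XP default MBR code
15:39:45.348 Service Tmesrv C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe **INFECTED** Win32:Sality
15:40:27.298 File: C:\WINDOWS\SYSTEMIL.EXE **INFECTED** Win32:VB-HJN [Wrm]
15:45:10.796 File: C:\WINDOWS\system32\SVCHOST32.EXE **INFECTED** Win32:Sality
15:54:08.519 File: C:\Documents and Settings\Administrator\Desktop\OTL.exe **INFECTED** Win32:Sality
15:57:22.598 File: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SYSTEMIL2.EXE **INFECTED** Win32:VB-HJN [Wrm]
15:57:24.010 Scan finished successfully
"""


def tag(kind, path, systemroot="c:\\windows\\"):
    """Label a finding with the triage categories it falls into."""
    p = path.lower()
    tags = []
    if kind == "service":
        tags.append("service-binary")      # launched by the service manager
    if "\\start menu\\programs\\startup\\" in p:
        tags.append("startup-folder")      # launched at logon
    if p.startswith(systemroot):
        tags.append("windows-dir")
    if p.rsplit("\\", 1)[-1] in SCAN_TOOLS:
        tags.append("scan-tool")
    return tuple(tags)


def parse_aswmbr(text):
    """Return one Finding per **INFECTED** line; other lines are ignored."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind = "service" if m["kind"] == "Service" else "file"
        body, service = m["body"], ""
        if kind == "service":
            # Service names may contain spaces; the path starts at the drive letter.
            d = DRIVE_RE.search(body)
            if d:
                service, body = body[:d.start()].strip(), body[d.start():]
        findings.append(Finding(m["time"], kind, service, body, m["det"], tag(kind, body)))
    return findings


def summarize(findings):
    """Count detections by name and collect paths under each triage tag."""
    by_tag = {}
    for f in findings:
        for t in f.tags:
            by_tag.setdefault(t, []).append(f.path)
    return {
        "total": len(findings),
        "by_detection": dict(Counter(f.detection for f in findings)),
        "by_tag": by_tag,
    }


if __name__ == "__main__":
    report = summarize(parse_aswmbr(SAMPLE_LOG))
    print(report["total"], report["by_detection"])
    for name, paths in report["by_tag"].items():
        print(name, *paths, sep="\n  ")
```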
mambass mambass is offline mambass is authorized to help remove malware.
Malware Removal Specialist with 141 posts.
 
Join Date: Apr 2008
Experience: Advanced
01-Jun-2012, 12:23 PM #13
Hi FlourishDNA,
  1. TDSSKiller
    1. Click here to download TDSSKiller and save it to your Desktop.
    2. Double click the TDSSKiller.exe icon on your Desktop to launch it.
    3. Click on Start Scan, to start the scan.
    4. When the scan has finished, if it finds anything where "Cure" is an option, please click on the drop down arrow next to Cure and select Skip
    5. Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    6. To find the log go to Start > Computer > C:
    7. Post the contents of that log in your next reply please.
    8. DO NOT TRY TO FIX (CURE) ANYTHING AT THIS POINT

  2. ESET online scanner
    1. Please disable any Antivirus you have active, as shown in This Topic.
    2. Hold down Ctrl then click on the following link to open a new window to ESET online scanner
      • If Internet Explorer is being used then check Yes, I accept the Terms of Use and then click the Start button.
        Allow the ESET Scanner Active-X component to be installed if asked and click the Retry button if prompted to restart the download.

      • If a browser other than Internet Explorer is being used then click the esetsmartinstaller_enu.exe link and save the installer to your Desktop.
        Double-click on the installer to run it.
        Check Yes, I accept the Terms of Use and click the Start button.
    3. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    4. Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    5. Now click on Start.
    6. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    7. When completed the Online Scan will begin automatically.
    8. Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    9. When completed do not select Uninstall application on close.
    10. Click on Finish.
    11. Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    12. Copy and paste that log as a reply to this topic.
    13. Re-enable your Antivirus software.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the TDSSKiller log.
  3. The contents of the ESET log.


mambass
FlourishDNA FlourishDNA is offline
Member with 14 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
01-Jun-2012, 06:01 PM #14
Hi Mambass,

Here you go....

::::::::::::::::::::::::::::::::::: General Errors :::::::::::::::::::::::::::::::::::

I downloaded all the software on my other PC, copied it via USB and placed it on the desktop of the infected laptop. After that I removed the USB and inserted my docomo 3G dongle. When I tried to connect it to the net I got the following error.

Microsoft Visual C++ Runtime Library
Runtime Error!
Program : C:\Program Files\TATA DOCOMO 3G\TATA DOCOMO 3G.exe
R6002
-floating point support not loaded.

If I click OK the 3G dialer would automatically close, so I didn't click OK and then ran ESET Online Scanner.

I was getting the error below frequently, with the options Cancel, Try Again and Continue. I didn't do anything until ESET Online Scanner completed its job.


Windows - No Disk
Exception Processing Message c0000013 Parameters 75b6bf7v 4 75b6bf7c 75b6bf7c




::::::::::::::::::::::::::::::::::: TDSSKiller log :::::::::::::::::::::::::::::::::::
00:45:54.0061 2888 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
00:45:54.0122 2888 ============================================================
00:45:54.0122 2888 Current date / time: 2000/01/09 00:45:54.0122
00:45:54.0122 2888 SystemInfo:
00:45:54.0122 2888
00:45:54.0122 2888 OS Version: 5.1.2600 ServicePack: 2.0
00:45:54.0122 2888 Product type: Workstation
00:45:54.0122 2888 ComputerName: AMARESHR2
00:45:54.0122 2888 UserName: Administrator
00:45:54.0122 2888 Windows directory: C:\WINDOWS
00:45:54.0122 2888 System windows directory: C:\WINDOWS
00:45:54.0122 2888 Processor architecture: Intel x86
00:45:54.0122 2888 Number of processors: 1
00:45:54.0122 2888 Page size: 0x1000
00:45:54.0122 2888 Boot type: Normal boot
00:45:54.0122 2888 ============================================================
00:45:56.0755 2888 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:45:56.0755 2888 Drive \Device\Harddisk1\DR10 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:45:56.0765 2888 ============================================================
00:45:56.0765 2888 \Device\Harddisk0\DR0:
00:45:56.0765 2888 MBR partitions:
00:45:56.0765 2888 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
00:45:56.0765 2888 \Device\Harddisk1\DR10:
00:45:56.0765 2888 MBR partitions:
00:45:56.0765 2888 \Device\Harddisk1\DR10\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
00:45:56.0765 2888 ============================================================
00:45:56.0805 2888 C: <-> \Device\Harddisk0\DR0\Partition0
00:45:56.0805 2888 ============================================================
00:45:56.0805 2888 Initialize success
00:45:56.0805 2888 ============================================================
00:46:03.0115 3996 ============================================================
00:46:03.0115 3996 Scan started
00:46:03.0115 3996 Mode: Manual;
00:46:03.0115 3996 ============================================================
00:46:03.0846 3996 Abiosdsk - ok
00:46:03.0896 3996 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:46:03.0916 3996 abp480n5 - ok
00:46:04.0046 3996 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:46:04.0106 3996 ACPI - ok
00:46:04.0166 3996 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:46:04.0166 3996 ACPIEC - ok
00:46:04.0286 3996 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:46:04.0306 3996 adpu160m - ok
00:46:04.0456 3996 AdtAgent (90036cead6d1eaf1dec01962cfcb3d16) C:\WINDOWS\system32\AdtAgent.exe
00:46:04.0547 3996 AdtAgent - ok
00:46:04.0667 3996 aeaudio (75bee80a25fc7f690dcd57570dc159c1) C:\WINDOWS\system32\drivers\aeaudio.sys
00:46:04.0697 3996 aeaudio - ok
00:46:04.0817 3996 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
00:46:04.0867 3996 aec - ok
00:46:04.0997 3996 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
00:46:05.0047 3996 AFD - ok
00:46:05.0758 3996 AgereSoftModem (052343cd49c8da20c48958cfe73c7d44) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
00:46:06.0209 3996 AgereSoftModem - ok
00:46:06.0279 3996 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
00:46:06.0299 3996 agp440 - ok
00:46:06.0359 3996 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:46:06.0359 3996 agpCPQ - ok
00:46:06.0409 3996 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:46:06.0409 3996 Aha154x - ok
00:46:06.0469 3996 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:46:06.0479 3996 aic78u2 - ok
00:46:06.0539 3996 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:46:06.0559 3996 aic78xx - ok
00:46:06.0630 3996 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
00:46:06.0630 3996 Alerter - ok
00:46:06.0690 3996 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
00:46:06.0700 3996 ALG - ok
00:46:06.0760 3996 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
00:46:06.0760 3996 AliIde - ok
00:46:06.0810 3996 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:46:06.0830 3996 alim1541 - ok
00:46:06.0880 3996 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:46:06.0890 3996 amdagp - ok
00:46:06.0930 3996 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
00:46:06.0930 3996 amsint - ok
00:46:06.0960 3996 amsint32 - ok
00:46:07.0070 3996 ApfiltrService (25b063d45e57f06b175f29140c700a14) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
00:46:07.0100 3996 ApfiltrService - ok
00:46:07.0210 3996 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
00:46:07.0270 3996 AppMgmt - ok
00:46:07.0311 3996 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
00:46:07.0311 3996 asc - ok
00:46:07.0361 3996 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:46:07.0361 3996 asc3350p - ok
00:46:07.0411 3996 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:46:07.0421 3996 asc3550 - ok
00:46:07.0601 3996 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:46:07.0651 3996 aspnet_state - ok
00:46:07.0701 3996 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:46:07.0711 3996 AsyncMac - ok
00:46:07.0791 3996 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:46:07.0791 3996 atapi - ok
00:46:07.0811 3996 Atdisk - ok
00:46:07.0901 3996 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:46:07.0921 3996 Atmarpc - ok
00:46:08.0002 3996 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
00:46:08.0012 3996 AudioSrv - ok
00:46:08.0032 3996 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:46:08.0032 3996 audstub - ok
00:46:08.0092 3996 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:46:08.0092 3996 Beep - ok
00:46:08.0362 3996 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
00:46:08.0502 3996 BITS - ok
00:46:08.0572 3996 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
00:46:08.0602 3996 Browser - ok
00:46:08.0662 3996 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
00:46:08.0673 3996 BthEnum - ok
00:46:08.0763 3996 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
00:46:08.0803 3996 BthPan - ok
00:46:08.0993 3996 BTHPORT (95ef6f3f386d93ee1e4d9ca45a50252a) C:\WINDOWS\system32\Drivers\BTHport.sys
00:46:09.0093 3996 BTHPORT - ok
00:46:09.0143 3996 BthServ (a18cc8c9b3890b1b68bed213716fef6b) C:\WINDOWS\System32\bthserv.dll
00:46:09.0153 3996 BthServ - ok
00:46:09.0223 3996 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
00:46:09.0233 3996 BTHUSB - ok
00:46:09.0444 3996 CamDrL (cba8bce5bf67a3c619d5ce540bed9cf7) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
00:46:09.0554 3996 CamDrL - ok
00:46:09.0614 3996 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:46:09.0624 3996 cbidf - ok
00:46:09.0644 3996 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:46:09.0644 3996 cbidf2k - ok
00:46:09.0714 3996 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:46:09.0724 3996 CCDECODE - ok
00:46:10.0095 3996 CcmExec (258ca873ea70292af5968b4a1676b550) C:\WINDOWS\system32\CCM\CcmExec.exe
00:46:10.0285 3996 CcmExec - ok
00:46:10.0335 3996 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:46:10.0335 3996 cd20xrnt - ok
00:46:10.0385 3996 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:46:10.0395 3996 Cdaudio - ok
00:46:10.0485 3996 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
00:46:10.0485 3996 Cdfs - ok
00:46:10.0555 3996 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:46:10.0575 3996 Cdrom - ok
00:46:10.0695 3996 CFSvcs (527235c8109bf5d4dbda7d1948648c46) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
00:46:10.0695 3996 CFSvcs - ok
00:46:10.0705 3996 Changer - ok
00:46:10.0735 3996 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
00:46:10.0735 3996 CiSvc - ok
00:46:10.0796 3996 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
00:46:10.0806 3996 ClipSrv - ok
00:46:10.0996 3996 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:46:11.0096 3996 clr_optimization_v2.0.50727_32 - ok
00:46:11.0156 3996 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:46:11.0156 3996 CmBatt - ok
00:46:11.0276 3996 cmbp0wdm (25108c31b043b5fb985487b08e288f68) C:\WINDOWS\system32\DRIVERS\cmbp0wdm.sys
00:46:11.0286 3996 cmbp0wdm - ok
00:46:11.0386 3996 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
00:46:11.0386 3996 CmdIde - ok
00:46:11.0436 3996 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:46:11.0436 3996 Compbatt - ok
00:46:11.0477 3996 COMSysApp - ok
00:46:11.0567 3996 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
00:46:11.0567 3996 Cpqarray - ok
00:46:11.0637 3996 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
00:46:11.0657 3996 CryptSvc - ok
00:46:11.0807 3996 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
00:46:11.0857 3996 dac2w2k - ok
00:46:11.0907 3996 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
00:46:11.0907 3996 dac960nt - ok
00:46:12.0158 3996 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
00:46:12.0298 3996 DcomLaunch - ok
00:46:12.0408 3996 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
00:46:12.0448 3996 Dhcp - ok
00:46:12.0498 3996 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
00:46:12.0508 3996 Disk - ok
00:46:12.0548 3996 dmadmin - ok
00:46:12.0959 3996 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
00:46:13.0259 3996 dmboot - ok
00:46:13.0379 3996 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
00:46:13.0419 3996 dmio - ok
00:46:13.0459 3996 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:46:13.0459 3996 dmload - ok
00:46:13.0519 3996 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
00:46:13.0519 3996 dmserver - ok
00:46:13.0590 3996 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
00:46:13.0610 3996 DMusic - ok
00:46:13.0670 3996 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
00:46:13.0680 3996 Dnscache - ok
00:46:13.0730 3996 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
00:46:13.0740 3996 dpti2o - ok
00:46:13.0780 3996 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
00:46:13.0780 3996 drmkaud - ok
00:46:13.0900 3996 DVD-RAM_Service (77c4901986fc7a83e853b300e80d234b) C:\WINDOWS\system32\DVDRAMSV.exe
00:46:13.0930 3996 DVD-RAM_Service - ok
00:46:14.0070 3996 E100B (fae8b6b311f898df3d19bc638e980ca5) C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:46:14.0120 3996 E100B - ok
00:46:14.0190 3996 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
00:46:14.0200 3996 ERSvc - ok
00:46:14.0301 3996 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
00:46:14.0361 3996 Eventlog - ok
00:46:14.0531 3996 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\system32\es.dll
00:46:14.0621 3996 EventSystem - ok
00:46:14.0741 3996 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
00:46:14.0781 3996 Fastfat - ok
00:46:14.0891 3996 FastUserSwitchingCompatibility (53d9184a21c5cbf600d918e51ef3a7e5) C:\WINDOWS\System32\shsvcs.dll
00:46:14.0942 3996 FastUserSwitchingCompatibility - ok
00:46:15.0002 3996 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
00:46:15.0012 3996 Fdc - ok
00:46:15.0082 3996 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
00:46:15.0092 3996 Fips - ok
00:46:15.0132 3996 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:46:15.0152 3996 Flpydisk - ok
00:46:15.0312 3996 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:46:15.0362 3996 FltMgr - ok
00:46:15.0512 3996 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:46:15.0522 3996 FontCache3.0.0.0 - ok
00:46:15.0693 3996 FreeAgentGoNext Service (9513b437b7adb1e6065b7f0d83d11ecf) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
00:46:15.0763 3996 FreeAgentGoNext Service - ok
00:46:15.0793 3996 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:46:15.0803 3996 Fs_Rec - ok
00:46:15.0903 3996 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:46:15.0923 3996 Ftdisk - ok
00:46:15.0973 3996 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:46:16.0013 3996 Gpc - ok
00:46:16.0113 3996 GPCCARD (d915e74e520aae46a71fd27cc519ac66) C:\WINDOWS\system32\DRIVERS\GPCCARD.sys
00:46:16.0143 3996 GPCCARD - ok
00:46:16.0213 3996 GPR400 (2c72e7b69a0f46d58371cd2148825d98) C:\WINDOWS\system32\DRIVERS\gpr400.sys
00:46:16.0223 3996 GPR400 - ok
00:46:16.0354 3996 HealthService (ec0b1ce26284dc42965c73cba3bfd8a1) C:\Program Files\System Center Operations Manager 2007\HealthService.exe
00:46:16.0364 3996 HealthService - ok
00:46:16.0474 3996 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:46:16.0494 3996 helpsvc - ok
00:46:16.0544 3996 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
00:46:16.0564 3996 HidServ - ok
00:46:16.0624 3996 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:46:16.0624 3996 HidUsb - ok
00:46:16.0694 3996 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
00:46:16.0704 3996 hpn - ok
00:46:16.0884 3996 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
00:46:16.0974 3996 HTTP - ok
00:46:17.0045 3996 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
00:46:17.0055 3996 HTTPFilter - ok
00:46:17.0105 3996 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
00:46:17.0115 3996 i2omgmt - ok
00:46:17.0145 3996 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
00:46:17.0155 3996 i2omp - ok
00:46:17.0235 3996 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:46:17.0245 3996 i8042prt - ok
00:46:17.0856 3996 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:46:18.0196 3996 idsvc - ok
00:46:18.0266 3996 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:46:18.0286 3996 Imapi - ok
00:46:18.0427 3996 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
00:46:18.0477 3996 ImapiService - ok
00:46:18.0547 3996 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
00:46:18.0547 3996 ini910u - ok
00:46:18.0697 3996 InoRPC (8e4c21cf8636bcbe9076ccd47730e0d1) C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
00:46:18.0727 3996 InoRPC - ok
00:46:18.0867 3996 InoRT (b291c8f51a8f1026b9a0c5caa834051b) C:\Program Files\CA\eTrust Antivirus\InoRT.exe
00:46:18.0937 3996 InoRT - ok
00:46:19.0097 3996 InoTask (ef833db3d72287c9227fc77d62acf01b) C:\Program Files\CA\eTrust Antivirus\InoTask.exe
00:46:19.0188 3996 InoTask - ok
00:46:19.0228 3996 INO_FLPY (a65cbc3158ec8b4652e38a6f302cab2f) C:\WINDOWS\system32\Drivers\ino_flpy.sys
00:46:19.0258 3996 INO_FLPY - ok
00:46:19.0378 3996 INO_FLTR (01f9562c64f5cccff0e3e974ae2417ed) C:\WINDOWS\system32\Drivers\ino_fltr.sys
00:46:19.0468 3996 INO_FLTR - ok
00:46:19.0488 3996 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:46:19.0498 3996 IntelIde - ok
00:46:19.0558 3996 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:46:19.0568 3996 intelppm - ok
00:46:19.0648 3996 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:46:19.0658 3996 Ip6Fw - ok
00:46:19.0728 3996 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:46:19.0738 3996 IpFilterDriver - ok
00:46:19.0788 3996 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:46:19.0798 3996 IpInIp - ok
00:46:19.0909 3996 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:46:19.0969 3996 IpNat - ok
00:46:20.0049 3996 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:46:20.0079 3996 IPSec - ok
00:46:20.0169 3996 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
00:46:20.0199 3996 irda - ok
00:46:20.0269 3996 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:46:20.0269 3996 IRENUM - ok
00:46:20.0319 3996 Irmon (a02512c315c84f475bd89f847048b27b) C:\WINDOWS\System32\irmon.dll
00:46:20.0329 3996 Irmon - ok
00:46:20.0409 3996 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:46:20.0419 3996 isapnp - ok
00:46:20.0479 3996 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:46:20.0489 3996 Kbdclass - ok
00:46:20.0530 3996 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:46:20.0540 3996 kbdhid - ok
00:46:20.0700 3996 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
00:46:20.0700 3996 kmixer - ok
00:46:20.0770 3996 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
00:46:20.0800 3996 KSecDD - ok
00:46:20.0890 3996 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
00:46:20.0920 3996 lanmanserver - ok
00:46:21.0070 3996 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
00:46:21.0110 3996 lanmanworkstation - ok
00:46:21.0120 3996 lbrtfdc - ok
00:46:21.0191 3996 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
00:46:21.0201 3996 LmHosts - ok
00:46:21.0251 3996 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\WINDOWS\system32\drivers\lvusbsta.sys
00:46:21.0251 3996 LVUSBSta - ok
00:46:21.0401 3996 massfilter (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
00:46:21.0401 3996 massfilter - ok
00:46:21.0511 3996 meiudf (8f821dbe06ea5e1f1448a13f7faf649b) C:\WINDOWS\system32\Drivers\meiudf.sys
00:46:21.0531 3996 meiudf - ok
00:46:21.0581 3996 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
00:46:21.0591 3996 Messenger - ok
00:46:21.0801 3996 Microsoft Office Groove Audit Service (0209b71c7cc8cdd82925dc39e0121e77) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
00:46:21.0801 3996 Microsoft Office Groove Audit Service - ok
00:46:21.0851 3996 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:46:21.0851 3996 mnmdd - ok
00:46:21.0932 3996 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
00:46:21.0942 3996 mnmsrvc - ok
00:46:22.0002 3996 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
00:46:22.0002 3996 Modem - ok
00:46:22.0092 3996 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:46:22.0092 3996 Mouclass - ok
00:46:22.0142 3996 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:46:22.0142 3996 mouhid - ok
00:46:22.0202 3996 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
00:46:22.0212 3996 MountMgr - ok
00:46:22.0272 3996 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:46:22.0282 3996 mraid35x - ok
00:46:22.0392 3996 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:46:22.0442 3996 MRxDAV - ok
00:46:22.0693 3996 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:46:22.0843 3996 MRxSmb - ok
00:46:22.0873 3996 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
00:46:22.0873 3996 MSDTC - ok
00:46:22.0933 3996 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
00:46:22.0943 3996 Msfs - ok
00:46:23.0013 3996 MSIRCOMM (ee55f5c64417cc369866d7eafe9b07ab) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
00:46:23.0013 3996 MSIRCOMM - ok
00:46:23.0023 3996 MSIServer - ok
00:46:23.0103 3996 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:46:23.0113 3996 MSKSSRV - ok
00:46:23.0153 3996 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:46:23.0163 3996 MSPCLOCK - ok
00:46:23.0203 3996 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
00:46:23.0213 3996 MSPQM - ok
00:46:23.0294 3996 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:46:23.0294 3996 mssmbios - ok
00:46:23.0374 3996 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
00:46:23.0384 3996 MSTEE - ok
00:46:23.0454 3996 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
00:46:23.0474 3996 Mup - ok
00:46:23.0554 3996 MXOFX (ca68234d644aca94e7de0c90d2142f9d) C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
00:46:23.0574 3996 MXOFX - ok
00:46:23.0624 3996 MXOPSWD (e3dec7ca28a9870e24fff4e467af7328) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
00:46:23.0634 3996 MXOPSWD - ok
00:46:23.0744 3996 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:46:23.0774 3996 NABTSFEC - ok
00:46:23.0884 3996 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
00:46:23.0934 3996 NDIS - ok
00:46:23.0964 3996 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:46:23.0975 3996 NdisIP - ok
00:46:24.0035 3996 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:46:24.0035 3996 NdisTapi - ok
00:46:24.0085 3996 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:46:24.0095 3996 Ndisuio - ok
00:46:24.0205 3996 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:46:24.0235 3996 NdisWan - ok
00:46:24.0295 3996 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
00:46:24.0315 3996 NDProxy - ok
00:46:24.0555 3996 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:46:24.0565 3996 NetBIOS - ok
00:46:24.0676 3996 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:46:24.0726 3996 NetBT - ok
00:46:24.0826 3996 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
00:46:24.0866 3996 NetDDE - ok
00:46:24.0886 3996 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
00:46:24.0896 3996 NetDDEdsdm - ok
00:46:24.0966 3996 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
00:46:24.0966 3996 Netdevio - ok
00:46:25.0006 3996 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
00:46:25.0016 3996 Netlogon - ok
00:46:25.0146 3996 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
00:46:25.0216 3996 Netman - ok
00:46:25.0477 3996 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:46:25.0517 3996 NetTcpPortSharing - ok
00:46:25.0677 3996 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
00:46:25.0757 3996 Nla - ok
00:46:25.0827 3996 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
00:46:25.0837 3996 Npfs - ok
00:46:26.0168 3996 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
00:46:26.0368 3996 Ntfs - ok
00:46:26.0568 3996 NTIDrvr - ok
00:46:26.0608 3996 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
00:46:26.0608 3996 NtLmSsp - ok
00:46:26.0919 3996 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
00:46:27.0089 3996 NtmsSvc - ok
00:46:27.0169 3996 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:46:27.0169 3996 Null - ok
00:46:27.0890 3996 nv (f409d1bf29c59c94c62940d6fc0287ed) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:46:28.0391 3996 nv - ok
00:46:28.0491 3996 NVSvc (99cc8547111542f3607f05dff45328c0) C:\WINDOWS\system32\nvsvc32.exe
00:46:28.0521 3996 NVSvc - ok
00:46:28.0611 3996 NWCWorkstation (0cb5b94ea315b3caae5a3e03f6a4aa69) C:\WINDOWS\System32\nwwks.dll
00:46:28.0631 3996 NWCWorkstation - ok
00:46:28.0721 3996 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:46:28.0731 3996 NwlnkFlt - ok
00:46:28.0781 3996 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:46:28.0801 3996 NwlnkFwd - ok
00:46:28.0912 3996 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
00:46:28.0952 3996 NwlnkIpx - ok
00:46:29.0022 3996 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
00:46:29.0042 3996 NwlnkNb - ok
00:46:29.0102 3996 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
00:46:29.0122 3996 NwlnkSpx - ok
00:46:29.0232 3996 NWRDR (3f18d9365be71c7b2e43b7cf4a0c1a10) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
00:46:29.0282 3996 NWRDR - ok
00:46:29.0683 3996 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:46:29.0693 3996 odserv - ok
00:46:29.0773 3996 OMNCMBP (25108c31b043b5fb985487b08e288f68) C:\WINDOWS\system32\DRIVERS\cmbp0wdm.sys
00:46:29.0773 3996 OMNCMBP - ok
00:46:29.0913 3996 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:46:29.0913 3996 ose - ok
00:46:30.0023 3996 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
00:46:30.0073 3996 Parport - ok
00:46:30.0133 3996 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
00:46:30.0133 3996 PartMgr - ok
00:46:30.0193 3996 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:46:30.0193 3996 ParVdm - ok
00:46:30.0274 3996 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
00:46:30.0294 3996 PCI - ok
00:46:30.0334 3996 PCIDump - ok
00:46:30.0384 3996 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:46:30.0384 3996 PCIIde - ok
00:46:30.0494 3996 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
00:46:30.0524 3996 Pcmcia - ok
00:46:30.0544 3996 PDCOMP - ok
00:46:30.0594 3996 PDFRAME - ok
00:46:30.0634 3996 PDRELI - ok
00:46:30.0654 3996 PDRFRAME - ok
00:46:30.0714 3996 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
00:46:30.0734 3996 perc2 - ok
00:46:30.0754 3996 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:46:30.0754 3996 perc2hib - ok
00:46:30.0924 3996 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
00:46:30.0924 3996 PlugPlay - ok
00:46:30.0965 3996 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
00:46:30.0965 3996 PolicyAgent - ok
00:46:31.0005 3996 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:46:31.0025 3996 PptpMiniport - ok
00:46:31.0145 3996 prepdrvr (9b322103efe09f5f4a957af62b0387b1) C:\WINDOWS\system32\CCM\prepdrv.sys
00:46:31.0155 3996 prepdrvr - ok
00:46:31.0165 3996 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
00:46:31.0165 3996 ProtectedStorage - ok
00:46:31.0205 3996 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
00:46:31.0235 3996 PSched - ok
00:46:31.0265 3996 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:46:31.0275 3996 Ptilink - ok
00:46:31.0315 3996 PxHelp20 (352cf968df88760fef225c3fbe7184a7) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
00:46:31.0315 3996 PxHelp20 - ok
00:46:31.0355 3996 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:46:31.0385 3996 ql1080 - ok
00:46:31.0415 3996 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:46:31.0435 3996 Ql10wnt - ok
00:46:31.0475 3996 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:46:31.0485 3996 ql12160 - ok
00:46:31.0515 3996 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:46:31.0535 3996 ql1240 - ok
00:46:31.0575 3996 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:46:31.0595 3996 ql1280 - ok
00:46:31.0605 3996 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:46:31.0615 3996 RasAcd - ok
00:46:31.0666 3996 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
00:46:31.0706 3996 RasAuto - ok
00:46:31.0746 3996 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
00:46:31.0756 3996 Rasirda - ok
00:46:31.0786 3996 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:46:31.0806 3996 Rasl2tp - ok
00:46:31.0916 3996 RasMan (d4bd2eeab07fef323f0a0ceecc954f51) C:\WINDOWS\System32\rasmans.dll
00:46:31.0996 3996 RasMan - ok
00:46:32.0056 3996 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:46:32.0076 3996 RasPppoe - ok
00:46:32.0116 3996 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:46:32.0126 3996 Raspti - ok
00:46:32.0296 3996 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:46:32.0347 3996 Rdbss - ok
00:46:32.0407 3996 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:46:32.0407 3996 RDPCDD - ok
00:46:32.0617 3996 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:46:32.0687 3996 rdpdr - ok
00:46:32.0797 3996 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
00:46:32.0847 3996 RDPWD - ok
00:46:32.0957 3996 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
00:46:33.0007 3996 RDSessMgr - ok
00:46:33.0068 3996 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:46:33.0088 3996 redbook - ok
00:46:33.0158 3996 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
00:46:33.0178 3996 RemoteAccess - ok
00:46:33.0268 3996 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
00:46:33.0288 3996 RemoteRegistry - ok
00:46:33.0398 3996 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
00:46:33.0418 3996 RFCOMM - ok
00:46:33.0518 3996 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
00:46:33.0538 3996 RpcLocator - ok
00:47:01.0218 3996 ============================================================
00:47:01.0218 3996 Scan finished
00:47:01.0218 3996 ============================================================
00:47:01.0288 5936 Detected object count: 0
00:47:01.0288 5936 Actual detected object count: 0



::::::::::::::::::::::::::::::::::: ESET log :::::::::::::::::::::::::::::::::::
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=01f42d4401f3bb438f9d3704a7915732
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-01 08:51:07
# local_time=2012-06-02 02:21:07 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 391671739 391671739 0 0
# compatibility_mode=4864 16777215 100 0 229905069 229905069 0 0
# compatibility_mode=8192 67108863 100 0 391210213 391210213 0 0
# scanned=65921
# found=556
# cleaned=0
# scan_time=12605
C:\autorun.inf INF/Autorun.gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Games.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
C:\rytfe.pif Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\OTL.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\WVCheck.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\My Files\Images\Games.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\My Files\Images\Photos.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Audio.exe Win32/AutoRun.FlyStudio.CI worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Games.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\My Videos.exe Win32/AutoRun.FlyStudio.CI worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Photos.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Pictures.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Received.exe Win32/AutoRun.FlyStudio.CI worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\songs.exe a variant of Win32/VB.NGQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Ebook\Images.exe Win32/AutoRun.FlyStudio.CI worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\G1JKAC6D.W7R\0B0KTNLQ.0AW\clic...exe_9a8dfcd080ccb114_000 1.0002_none_19406a39b53cc9ad\GoogleUpdateSetup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\G1JKAC6D.W7R\0B0KTNLQ.0AW\goog...app_9a8dfcd080ccb114_000 1.0002_7140c0fbcca31fb8\GoogleUpdateSetup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Local Settings\Temp\set1CE.tmp Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\DatacardService\Temp\Tata Photon+\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CertRequest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSCredH.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSIPSec.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSPunchIt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSQFINST.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SYSTEMIL2.EXE Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\amareshr\Application Data\Microsoft\Installer\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}\NewShortcut11_36495C59089C49D1BD159E5BD86DC9A1.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\amareshr\Application Data\Microsoft\Installer\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}\NewShortcut1_36495C59089C49D1BD159E5BD86DC9A1.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\amareshr\Desktop\CardMan_4000_V3_5_0_10.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\amareshr\Local Settings\Temp\CorpSec\ITGSecLogOnGPExec.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\PROUnstl.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\DRIVERS\IA32\8255xdel.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\DRIVERS\IA32\PROUnstl.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\NMS\IA32\NMSSvc.Exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\NMS\IA32\RegSvr32.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\NMS\IA32\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\NMS\IA32\_ISDel.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\PROSet2\IA32\instmsiA.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\PROSet2\IA32\instmsiW.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\PROSet2\IA32\PROMon.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\PROSet2\IA32\ProNT4.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\PROSet2\IA32\PROSet.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\net\WINDOWS\PROSet2\IA32\_ISDel.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\tosh\DrvUpdt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\tosh\install.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Drivers\tosh\p350vidx.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DTToys\Toysel32.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DTToys\UDilbert.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Chinese-Simplified\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Chinese-Simplified\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Chinese-Simplified\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Chinese-Traditional\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Chinese-Traditional\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Chinese-Traditional\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Danish\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Danish\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Danish\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Dutch\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Dutch\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Dutch\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\English\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\English\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\English\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Finnish\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Finnish\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Finnish\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\French\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\French\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\French\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\German\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\German\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Italian\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Italian\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Italian\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Japanese\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Japanese\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Japanese\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Korean\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Korean\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Korean\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Norwegian\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Norwegian\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Norwegian\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Portuguese\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Portuguese\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Portuguese\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Spanish\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Spanish\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Spanish\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Swedish\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Swedish\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WIN2K\Swedish\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Chinese-Simplified\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Chinese-Simplified\DVDRAMSV.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Chinese-Simplified\RAMAsst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Chinese-Simplified\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Chinese-Simplified\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Chinese-Traditional\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Chinese-Traditional\DVDRAMSV.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Chinese-Traditional\RAMAsst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Chinese-Traditional\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Chinese-Traditional\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Danish\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Danish\DVDRAMSV.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Danish\RAMAsst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Danish\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Danish\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Dutch\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Dutch\DVDRAMSV.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Dutch\RAMAsst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Dutch\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Dutch\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\English\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\English\DVDRAMSV.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\English\RAMAsst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\English\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\English\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Finnish\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Finnish\DVDRAMSV.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Finnish\RAMAsst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Finnish\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\Finnish\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\French\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\French\DVDRAMSV.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\French\RAMAsst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\French\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\French\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\DVDRam.temp\Driver\WINXP\German\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft ActiveSync\Weather\Uninstall.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft ActiveSync\Windows Media Player\ceappmgr.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft ActiveSync\Windows Media Player\_instHPCAll.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft ActiveSync\Windows Media Player\_unrmhpcAll.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft Office\Office12\DRAT.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft Office\Office12\GrooveClean.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft Office\Office12\GrooveMigrator.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Microsoft Office\Office12\GrooveStdURLLauncher.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Plaxo\InstallStub.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Plaxo\PlaxoHelper.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Potala Software\Potala Telly\wmnall.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\QuickTime\PictureViewer.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\QuickTime\QTInfo.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\QuickTime\qttask.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\QuickTime\QuickTimePlayer.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\QuickTime\QTSystem\ExportController.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\muvee autoProducer 6.1 Seagate Edition\muveeapp.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\muvee autoProducer 6.1 Seagate Edition\Flash\loader_pc_mprojector.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\muvee autoProducer 6.1 Seagate Edition\Flash\fscommand\applauncher.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Encryption\MaxtorEncryption.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Encryption\SFELauncher.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Encryption\SFEPasswordDialog.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\ManagerApp\monFDE.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\ManagerApp\stxmanager.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\ManagerApp\UpdateCheck.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\InstallSeagateManager.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\demo32.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Seagate_Manager.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\start.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\BP\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Carbonite\CarboniteSetupLiteSeagatePreinstaller.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\DE\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\EN\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\ES\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\FR\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\IT\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\JP\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\KR\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\setup_launcher.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\w9xpopen.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\aP\setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\reveal\setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\reveal\bin\windowsinstaller-kb893803-v2-x86.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\reveal\bin\wmfdist95.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\RU\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\SCH\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\TCH\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\System Center Operations Manager 2007\MonitoringHost.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\TATA DOCOMO 3G\Diagnoses.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\TATA DOCOMO 3G\EXETimer.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\TATA DOCOMO 3G\Reload.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\TATA DOCOMO 3G\Replug.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\TATA DOCOMO 3G\ResetCDROM.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\TATA DOCOMO 3G\TATA DOCOMO 3G.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Theme Generator Smartphone\MSTG.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Acceleration Utilities\InputSink\TInSMain.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Acceleration Utilities\Property\TAclProp.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BIP_Camera.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BTWLANDP.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ECCenter.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\SCenter.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tbpwiz.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtInit.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtNCS.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtNSS.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPCS.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPSS.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosKeyboardHook.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosMkUtil.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosMouseHook.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\WirelessFTP.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\CFAssoc.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\CFBTSrch.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\CFDialUp.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\cfmain.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\cfscr.scr Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\CFSec.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\CFSServ.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\CFView.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\CFWAN.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\diagnote.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\NDSBrow.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\NDSDiag.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\ProfGen.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\ProfPass.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\redirect.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\_CFToken.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\ConfigFree\_CFTokenN.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\CrossMenu\AISMain.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\PCDiag\cdromtest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\PCDiag\devlist.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\PCDiag\fddtest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\PCDiag\hddrivetest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\PCDiag\memtest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\PCDiag\miditest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\PCDiag\PCDiag.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\PCDiag\wavetest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\SD Format\TOSSDfmt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TapButton\TapButt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TapButton\TTapProp.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TME3\DockMode.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TME3\TMERzCtl.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TME3\TMESRV31.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TOSHIBA Console\TInTouch.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TOSHIBA Rotation Utility\SetOrien.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TOSHIBA SD Memory Utilities\TOSSDfmt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TouchED\TouchED.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\TSigReco\TSigRgst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Windows Utilities\TACSPROP.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Windows Utilities\ThotUtil.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Toshiba\Windows Utilities\SVPWTool\TOSPU.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Visimation\Generate Opportunity Map\chktrust.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows Installer Clean Up\msicuu.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows Installer Clean Up\MsiZap.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows Media Connect\mswmcls.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows Media Connect\Redist\wmfdist95.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows Media Player\wmlaunch.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows Media Player\wmpenc.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows Media Player\wmsetsdk.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows NT\hypertrm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Yahoo!\Common\unyt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Yahoo!\Installs\ymsgrie.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\agrsmdel.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\InstDrvr.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\IsUn0411.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\IsUninst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\MXOALDR.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\songs.exe a variant of Win32/VB.NGQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\svae_unst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\SYSTEMIL.EXE Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Driver Cache\p350vidx.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\LVCOMSX.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\SVCHOST32.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\WindowsXP-KB824133-x86-ENU.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\XP-1718E4C3.EXE Win32/AutoRun.FlyStudio.CI worm (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\VPCache\RDM00558\ScanWrapper.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\VPCache\RDM00558\SmsWusHandler.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\VPCache\RDM0065E\ScanWrapper.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I








Thanks
mambass (authorized to help remove malware)
Malware Removal Specialist with 141 posts.
Join Date: Apr 2008
Experience: Advanced
01-Jun-2012, 08:31 PM #15
Hi FlourishDNA,

I've reviewed your logs and I'm afraid that I have some bad news.
Among other infections, your computer is infected with a severe polymorphic file infector known as Sality that has backdoor functionality. You can read more about it here.

A backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge.
A backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
Typically it's installed without user interaction through security exploits and can severely compromise system security.
Such infections may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files and install additional malware.
These backdoor infections may also collect and transmit personally identifiable information without your consent and severely degrade the performance and stability of your computer.
A backdoor infection can give intruders complete control of your computer, log your keystrokes, obtain passwords, steal personal information, etc.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft
    and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords
    (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, any online activity you perform, requiring a username and password).
    Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Due to its file infector and backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. The file infector changes so many files and registry entries that recovery may very well not be possible. Many of the most highly respected helpers at forums such as this would not even offer the option to attempt repairing the system given the massive changes that have likely been made.
Many experts in the security community believe that, once infected with this type of file infector, the only course of action would be to reformat the disk and re-install the operating system (OS).
The decision as to whether we should attempt to clean your system will have to be made by you. Even if we can get it back to a usable state, please understand that you will never be able to trust this computer unless you reformat the disk and reinstall the operating system.


To help you understand more, please take some time to read the following articles:
Virut and other File infectors – Throwing in the Towel?
When should I re-format and reinstall my OS
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
How to use Backup to protect data and restore files and folders


Please let me know how you would like to proceed.


mambass
Tags
msconfig, safe mode, task manager, windows xp
