
Unable to run Msconfig, Task Manager and Creates Photos.exe, support.exe, etc.

Discussion in 'Virus & Other Malware Removal' started by FlourishDNA, May 27, 2012.

Thread Status:
Not open for further replies.
  1. FlourishDNA

    FlourishDNA Thread Starter

    Joined:
    May 27, 2012
    Messages:
    14
    Hi,

    Description of the issue:
    I am unable to run Msconfig and Task Manager. Whenever I insert my brand new USB drive it automatically creates Photos.exe, support.exe, songs.exe, sources.exe, upgrade.exe and Documents.exe directory in the USB drive. I can't even install Antivirus or go to Safe Mode. Whenever I try to go to Safe Mode my laptop automatically reboots.

    My Laptop Details:
    OS: Windows XP Tablet PC Edition 2005 (SP 2).
    System: Toshiba Portege

    HijackThis Report
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:39:08 PM, on 1/3/2000
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
    C:\Program Files\Toshiba\TapButton\TapButt.exe
    C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
    C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\windows\SYSTEMIL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\SVCHOST32.EXE
    C:\WINDOWS\system32\XP-1718E4C3.EXE
    C:\WINDOWS\songs.exe
    C:\windows\SYSTEMIL.EXE
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SYSTEMIL2.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\System Center Operations Manager 2007\HealthService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\IT Connection Manager\SRUserService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = itgproxy.redmond.corp.microsoft.com:80
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
    O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
    O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
    O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
    O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
    O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
    O4 - HKLM\..\Run: [Sensiva] "C:\Symbol Commander\Sensiva.exe"
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [SystemIL] c:\windows\SYSTEMIL.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MyApp] C:\WINDOWS\system32\SVCHOST32.EXE
    O4 - HKLM\..\Run: [XP-1718E4C3] C:\WINDOWS\system32\XP-1718E4C3.EXE
    O4 - HKLM\..\Run: [System File] C:\WINDOWS\songs.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SystemIL] c:\windows\SYSTEMIL.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-1718E4C3.EXE
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: SYSTEMIL2.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://msw
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147211606575
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fareast.corp.microsoft.com
    O17 - HKLM\Software\..\Telephony: DomainName = fareast.corp.microsoft.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fareast.corp.microsoft.com
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

    --
    End of file - 9689 bytes


    Thanks
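An added example, not part of the original post or the helper's procedure: a small triage pass over the `O4` (autostart) lines of a HijackThis log that cross-checks them against the file names the poster reports appearing on the USB drive. The four heuristics and the `SYSTEM_STEMS` list are assumptions chosen for illustration, and the sample is a constructed excerpt of lines copied from the log above.

```python
import ntpath  # Windows path semantics, regardless of the OS running this
import re

# Constructed sample: a handful of O4 lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MyApp] C:\WINDOWS\system32\SVCHOST32.EXE
O4 - HKLM\..\Run: [System File] C:\WINDOWS\songs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-1718E4C3.EXE
O4 - Global Startup: SYSTEMIL2.EXE
"""

# File names the poster says are created on every inserted USB drive.
REPORTED_ON_USB = {"photos.exe", "support.exe", "songs.exe",
                   "sources.exe", "upgrade.exe", "documents.exe"}

# Assumption: a short list of core Windows process names for a look-alike check.
SYSTEM_STEMS = ("svchost", "lsass", "winlogon", "csrss", "smss", "explorer")

# "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<loc>\S+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Startup: item.lnk = target"  or  "O4 - Global Startup: item"
STARTUP_RE = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?)(?: = (?P<cmd>.+))?$")
# Executable part of a command line: quoted path, or unquoted up to the extension.
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|scr|bat|hta))(?=\s|$)', re.I)


def image_path(cmd):
    """Return the program path from a command line, dropping its arguments."""
    m = IMAGE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def parse_o4(log_text):
    """Parse O4 lines into dicts with location, entry name and image path."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd")
        # A Startup item listed without a target is itself the file that runs.
        entries.append({"location": m.group("loc"), "name": name,
                        "image": image_path(cmd) if cmd else name})
    return entries


def triage(entry, reported=REPORTED_ON_USB):
    """Return the heuristic reasons (assumptions, not verdicts) an entry trips."""
    reasons = []
    base = ntpath.basename(entry["image"]).lower()
    stem = ntpath.splitext(base)[0]
    label = ntpath.splitext(entry["name"])[0]
    if base in reported:
        reasons.append("matches-usb-file-name")
    if any(stem != s and stem.startswith(s) for s in SYSTEM_STEMS):
        reasons.append("system-binary-lookalike")
    if not any(ch.isalnum() for ch in label):
        reasons.append("label-has-no-alphanumerics")
    if entry["location"].endswith("Startup") and entry["name"].lower().endswith(".exe"):
        reasons.append("executable-in-startup-folder")
    return reasons


def flag_autoruns(log_text):
    """Map entry name -> (image path, reasons) for every entry with a hit."""
    flagged = {}
    for entry in parse_o4(log_text):
        reasons = triage(entry)
        if reasons:
            flagged[entry["name"]] = (entry["image"], reasons)
    return flagged


if __name__ == "__main__":
    for name, (image, reasons) in flag_autoruns(SAMPLE_LOG).items():
        print(f"{name!r:20} {image:45} {', '.join(reasons)}")
```

Hits are leads for a helper to research, not a determination that a file is malicious, and entries that trip none of the four rules still need review.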
     
  2. FlourishDNA

    FlourishDNA Thread Starter

    Joined:
    May 27, 2012
    Messages:
    14
    Anyone around? My laptop has been unusable for the last 3 days. I can't do any work without it. I have been waiting for more than 3 days. I am sorry but I had to reply.
     
  3. mambass

    mambass Malware Specialist

    Joined:
    Apr 11, 2008
    Messages:
    141
    Hi FlourishDNA, :)

    Welcome to the Tech Support Guy's Virus & Other Malware Removal forum.

    My nickname is mambass and I'll be helping you with any malware problems.

    Before we begin...please read and follow these important guidelines so things will proceed smoothly.

    1. The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. Please read all instructions carefully before executing them and perform the steps in the order given.
      If you have any questions or problems executing these instructions, <<STOP>> do not proceed but rather post back with the question or problem.
    3. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
    4. You must have Administrator rights permissions for this computer.
    5. DO NOT run any other fix or removal tools unless instructed to do so!
    6. DO NOT install any other software or hardware during the cleaning process. This adds more items to be researched.
    7. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
    8. Only reply to this thread. Do not start another thread.
    9. The absence of symptoms does not imply the absence of malware. Please, continue responding, until I give you the "All Clean".
    10. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
    11. The logs I request can take a while to research, so please be patient.
    Because of this, I advise you to backup any personal files and folders before you start.

    How to back up or transfer your data on a Windows-based computer

    -----------------------------------------------------------

    Please read the post entitled Everyone MUST read this BEFORE posting for help in this forum. You performed Step 1 of the instructions. Please perform the remaining instruction steps beginning at Step 2.

    Note also the statement concerning Corporate/Company owned computers. I notice that you are running program C:\WINDOWS\system32\CCM\CcmExec.exe which is a component of the SMS product which is usually only used in a business environment. Please let me know if this computer is used in a business network.

    Finally, the log indicates that you are running XP SP2 (Service Pack 2). Is there a reason that you haven't upgraded to XP SP3 which was released 4 years ago?

    Thanks,

    mambass
     
  4. FlourishDNA

    FlourishDNA Thread Starter

    Joined:
    May 27, 2012
    Messages:
    14
    Hi mambass,

    Thanks a lot for the reply. This laptop was given to me by my uncle, who works for Microsoft, and he used to use it for business purposes. It looks like he installed a bunch of business software which I don't need any more. I didn't upgrade the software because I was not using it, but my brother was using it to watch movies and do some school assignments. The system got infected when he inserted his friend's pen drive. Now I want to upgrade the OS but the virus is not allowing me to do so.

    Thanks
     
  5. mambass

    mambass Malware Specialist

    Joined:
    Apr 11, 2008
    Messages:
    141
    Hi FlourishDNA, :)

    It's important that you DO NOT upgrade to SP3 until after I tell you that we have removed all malware from your computer. At that point it will be essential that you upgrade to SP3.

    I look forward to seeing your DDS and GMER logs.

    mambass
     
  6. FlourishDNA

    FlourishDNA Thread Starter

    Joined:
    May 27, 2012
    Messages:
    14
    Hi mambass,

    Sorry for the delay. It took ages for me to scan GMER Log. Here are the log details.

    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GMER :::::::::::::::::::::::::::::::::::::::::::::::::::::::::

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2000-01-07 01:50:06
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.
    Running: 3u01rgkv.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwliipob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9FCD340, 0x1066EF, 0xF8000020]
    .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6300, 0x234BE0, 0xF8000020]
    ? C:\WINDOWS\system32\drivers\npgil.sys The system cannot find the file specified. !
    ? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwliipob.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/2003/Vista/Computer Associates)
    AttachedDevice \FileSystem\Fastfat \Fat ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/2003/Vista/Computer Associates)
    ---- Processes - GMER 1.0.15 ----

    Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\krnln.fnr (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x10000000
    Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\com.run (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x00B80000
    Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\dp1.fne (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x016B0000
    Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\shell.fne (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x017E0000
    Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\eAPI.fne (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x01910000
    Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\internet.fne (*** hidden *** ) @ C:\WINDOWS\system32\XP-1718E4C3.EXE [1400] 0x029E0000

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\tlntsvr.exe (*** hidden *** ) [DISABLED] TlntSvr <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@Type 16
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@Start 4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@ImagePath C:\WINDOWS\system32\tlntsvr.exe
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@DisplayName Telnet
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@DependOnService RPCSS?TCPIP?NTLMSSP?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@DependOnGroup
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@Description Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Device 4352
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Directory 4368
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Event 4384
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@EventPair 4400
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@File 4416
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@IoCompletion 4864
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Job 5136
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Key 4432
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@MailSlot 4416
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Mutant 4448
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@NamedPipe 4416
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Port 4464
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Process 4480
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Profile 4496
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Section 4512
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Semaphore 4528
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@SymbolicLink 4544
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Thread 4560
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Timer 4576
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Token 4592
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@Type 4608
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@WaitablePort 4464
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security\ObjectNames@WindowStation 6656
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@TypesSupported 31
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryCount 3
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@ParameterMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventSourceFlags 1
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Document 6944
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Printer 6928
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Server 6912
    Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@Type 16
    Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@Start 4
    Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@ImagePath C:\WINDOWS\system32\tlntsvr.exe
    Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@DisplayName Telnet
    Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@DependOnService RPCSS?TCPIP?NTLMSSP?
    Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@DependOnGroup
    Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr@Description Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr\Security (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\TlntSvr\Security@Security 0x01 0x00 0x14 0x80 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Library C:\WINDOWS\system32\wbem\wmiaprpl.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Open WmiOpenPerfData
    Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Collect WmiCollectPerfData
    Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Close WmiClosePerfData
    Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Last Counter 7390
    Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Last Help 7391
    Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@First Counter 7366
    Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@First Help 7367
    Reg HKLM\SYSTEM\ControlSet003\Services\WmiApRpl\Performance@Object List 7366 7372 7384
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@Options 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@Version 7536755
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@DSPath LDAP://CN=User,CN={774A3570-8052-439C-9D05-89CA8071C483},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{774A3570-8052-439C-9D05-89CA8071C483}\User
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@DisplayName WW-FolderRedirection-CBSS
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@Extensions [{25537BA6-77A8-11D2-9B6C-0000F8080861}{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@Link LDAP://DC=redmond,DC=corp,DC=microsoft,DC=com
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@GPOName {774A3570-8052-439C-9D05-89CA8071C483}
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@GPOLink 3
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{25537BA6-77A8-11D2-9B6C-0000F8080861}\0@lParam 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Options 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Version 786444
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@DSPath LDAP://CN=User,CN={9B24F3C4-0581-446B-92DF-6B4F3DBA65AA},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{9B24F3C4-0581-446B-92DF-6B4F3DBA65AA}\User
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@DisplayName EU-TrustedApplicationSigning - CSIT
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Extensions [{C6DC5466-785A-11D2-84D0-00C04FB169F7}{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}]
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Link LDAP://DC=redmond,DC=corp,DC=microsoft,DC=com
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@GPOName {9B24F3C4-0581-446B-92DF-6B4F3DBA65AA}
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@GPOLink 3
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@lParam 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Options 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Version 333190108
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@DSPath LDAP://CN=User,CN={C52B5368-2A6F-11D3-BB3C-00805FC792AD},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{C52B5368-2A6F-11D3-BB3C-00805FC792AD}\User
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@DisplayName WW-RedmondAppPublish-ArpSupp
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Extensions [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{C6DC5466-785A-11D2-84D0-00C04FB169F7}{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}]
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Link LDAP://DC=redmond,DC=corp,DC=microsoft,DC=com
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@GPOName {C52B5368-2A6F-11D3-BB3C-00805FC792AD}
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@GPOLink 3
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-1148795\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@lParam 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Options 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Version 786444
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@DSPath LDAP://CN=User,CN={9B24F3C4-0581-446B-92DF-6B4F3DBA65AA},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{9B24F3C4-0581-446B-92DF-6B4F3DBA65AA}\User
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@DisplayName EU-TrustedApplicationSigning - CSIT
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Extensions [{C6DC5466-785A-11D2-84D0-00C04FB169F7}{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}]
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@Link LDAP://DC=redmond,DC=corp,DC=microsoft,DC=com
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@GPOName {9B24F3C4-0581-446B-92DF-6B4F3DBA65AA}
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@GPOLink 3
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\0@lParam 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Options 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Version 301011441
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@DSPath LDAP://CN=User,CN={C52B5368-2A6F-11D3-BB3C-00805FC792AD},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{C52B5368-2A6F-11D3-BB3C-00805FC792AD}\User
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@DisplayName WW-RedmondAppPublish-ArpSupp
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Extensions [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{C6DC5466-785A-11D2-84D0-00C04FB169F7}{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}]
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@Link LDAP://DC=redmond,DC=corp,DC=microsoft,DC=com
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@GPOName {C52B5368-2A6F-11D3-BB3C-00805FC792AD}
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@GPOLink 3
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-2127521184-1604012920-1887927527-320382\History\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\1@lParam 0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Shutdown
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0@GPO-ID CN={6539F1D3-7704-4FC7-BBD7-43155D5F6153},CN=POLICIES,CN=SYSTEM,DC=FAREAST,DC=CORP,DC=MICROSOFT,DC=COM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0@SOM-ID DC=fareast,DC=corp,DC=microsoft,DC=com
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0@FileSysPath \\fareast.corp.microsoft.com\SysVol\fareast.corp.microsoft.com\Policies\{6539F1D3-7704-4FC7-BBD7-43155D5F6153}\Machine
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0@DisplayName WW-VistaAuditPolicy-IdM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0@GPOName {6539F1D3-7704-4FC7-BBD7-43155D5F6153}
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0\0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0\0@Script \\fareast.corp.microsoft.com\NETLOGON\AuditPolicy.cmd
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0\0@Parameters
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0\0@ExecTime 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1@GPO-ID CN={3BFB239E-3F7F-477C-B870-D6EB8801C65E},CN=POLICIES,CN=SYSTEM,DC=FAREAST,DC=CORP,DC=MICROSOFT,DC=COM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1@SOM-ID DC=fareast,DC=corp,DC=microsoft,DC=com
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1@FileSysPath \\fareast.corp.microsoft.com\SysVol\fareast.corp.microsoft.com\Policies\{3BFB239E-3F7F-477C-B870-D6EB8801C65E}\Machine
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1@DisplayName WW-SMSDeployment-IdM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1@GPOName {3BFB239E-3F7F-477C-B870-D6EB8801C65E}
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1\0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1\0@Script \\fareast.corp.microsoft.com\netlogon\sms\smsls.bat
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1\0@Parameters
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\1\0@ExecTime 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2@GPO-ID CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=FAREAST,DC=CORP,DC=MICROSOFT,DC=COM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2@SOM-ID DC=fareast,DC=corp,DC=microsoft,DC=com
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2@FileSysPath \\fareast.corp.microsoft.com\sysvol\fareast.corp.microsoft.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2@DisplayName WW-Default Account Policy-IdM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2@GPOName {31B2F340-016D-11D2-945F-00C04FB984F9}
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2\0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2\0@Script killbrow.vbs
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2\0@Parameters
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\2\0@ExecTime 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logoff
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0@GPO-ID CN={87FD9CA5-0937-4258-A39E-24EAAD3117AA},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0@SOM-ID DC=redmond,DC=corp,DC=microsoft,DC=com
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{87FD9CA5-0937-4258-A39E-24EAAD3117AA}\User
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0@DisplayName WW-VistaSelfHostEnroll-IdM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0@GPOName {87FD9CA5-0937-4258-A39E-24EAAD3117AA}
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0\0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0\0@Script script_wrapper.cmd
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0\0@Parameters idwrac.vbs
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\0\0@ExecTime 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1@GPO-ID CN={7638BB4B-99A9-457C-9341-7D07C0C52399},CN=POLICIES,CN=SYSTEM,DC=REDMOND,DC=CORP,DC=MICROSOFT,DC=COM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1@SOM-ID DC=redmond,DC=corp,DC=microsoft,DC=com
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1@FileSysPath \\redmond.corp.microsoft.com\SysVol\redmond.corp.microsoft.com\Policies\{7638BB4B-99A9-457C-9341-7D07C0C52399}\User
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1@DisplayName WW-OfficeSQMSettings-IdM
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1@GPOName {7638BB4B-99A9-457C-9341-7D07C0C52399}
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1\0
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1\0@Script script_wrapper.cmd
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1\0@Parameters empidtool.exe
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2127521184-1604012920-1887927527-1148795\Scripts\Logon\1\0@ExecTime 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf@
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services@
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\WpdMtpDr
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\WpdMtpDr@ImagePath WpdMtpDr.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\WpdMtpDr@WdfHostProcessGUID {63432f85-815a-4a44-be78-cbdf484acd93}
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\{63432f85-815a-4a44-be78-cbdf484acd93}
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\{63432f85-815a-4a44-be78-cbdf484acd93}@WdfHostProcessImagePath C:\WINDOWS\system32\uWDF.exe
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\{63432f85-815a-4a44-be78-cbdf484acd93}@WdfHostProcessExitTimeout 10
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf\Services\{63432f85-815a-4a44-be78-cbdf484acd93}@WdfHostProcessStartTimeout 10
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group0 S-1-5-21-4070297603-538264583-3767469655-513
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group1 S-1-1-0
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group2 S-1-5-32-544
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group3 S-1-5-32-545
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group4 S-1-5-4
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group5 S-1-5-11
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Group6 S-1-2-0
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership@Count 7

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----




    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::: DDS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 23:32:50 on 2000-01-06
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1056 [GMT 5.5:30]
    .
    AV: eTrust Antivirus *Enabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
    C:\Program Files\Toshiba\TapButton\TapButt.exe
    C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
    C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\windows\SYSTEMIL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\SVCHOST32.EXE
    C:\WINDOWS\songs.exe
    C:\windows\SYSTEMIL.EXE
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SYSTEMIL2.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\system32\XP-1718E4C3.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    svchost.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\System Center Operations Manager 2007\HealthService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\IT Connection Manager\SRUserService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\system32\msiexec.exe
    D:\3u01rgkv.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = itgproxy.redmond.corp.microsoft.com:80
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SystemIL] c:\windows\SYSTEMIL.EXE
    uRun: [msnmsgr] "c:\progra~1\msnmes~1\MsnMsgr.Exe" /background
    mRun: [Realtime Monitor] c:\progra~1\ca\etrust~1\realmon.exe -s
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
    mRun: [TapButt] c:\program files\toshiba\tapbutton\TapButt.exe
    mRun: [TAcelMgr] c:\program files\toshiba\acceleration utilities\tacelmgr\TAcelMgr.exe
    mRun: [TSkrMain] c:\program files\toshiba\acceleration utilities\shaker\TSkrMain.exe
    mRun: [TosRotation] "c:\program files\toshiba\toshiba rotation utility\TRot.exe"
    mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
    mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
    mRun: [Sensiva] "c:\symbol commander\Sensiva.exe"
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
    mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
    mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
    mRun: [MXOBG] c:\windows\MXOALDR.EXE
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [SystemIL] c:\windows\SYSTEMIL.EXE
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [MyApp] c:\windows\system32\SVCHOST32.EXE
    mRun: [XP-1718E4C3] c:\windows\system32\XP-1718E4C3.EXE
    mRun: [System File] c:\windows\songs.exe
    dRun: [TabletWizard] %windir%\help\wizard.hta
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    dRun: [Realtime Monitor] c:\program files\ca\etrust antivirus\realmon.exe -s
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\75cd~1.lnk - c:\windows\system32\XP-1718E4C3.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\SYSTEMIL2.EXE
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147211606575
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
    Notify: TabBtnWL - TabBtnWL.dll
    Notify: tpgwlnotify - tpgwlnot.dll
    STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows\system32\ieframe.dll
    LSA: Authentication Packages = msv1_0 nwprovau
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2005-2-8 5888]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
    R2 HealthService;MOM Health Service;c:\program files\system center operations manager 2007\HealthService.exe [2006-8-29 12800]
    R2 SRUserService;IT Connection Manager;c:\program files\it connection manager\SRUserService.exe [2005-1-19 228152]
    R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2005-2-8 200704]
    R3 amsint32;amsint32;\??\c:\windows\system32\drivers\npgil.sys --> c:\windows\system32\drivers\npgil.sys [?]
    R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2005-2-8 8832]
    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2005-2-7 13568]
    S3 cmbp0wdm;CardMan 4000;c:\windows\system32\drivers\cmbp0wdm.sys [2005-4-7 33142]
    S3 GPCCARD;GPCCARD;c:\windows\system32\drivers\gpccard.sys [2006-6-10 82176]
    S3 GPR400;GEMPLUS GPR400 PCMCIA Smart Card Reader;c:\windows\system32\drivers\gpr400.sys [2005-4-20 17408]
    S3 OMNCMBP;Omnikey AG CardMan 4000 PCMCIA Smart Card Reader;c:\windows\system32\drivers\cmbp0wdm.sys [2005-4-7 33142]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2001-2-4 107776]
    S4 AdtAgent;Event Forwarder;c:\windows\system32\AdtAgent.exe [2006-8-29 249856]
    .
    =============== Created Last 30 ================
    .
    2011-05-15 05:31:57 147456 ----a-w- c:\windows\songs.exe
    2010-10-15 18:07:11 -------- d-----w- c:\documents and settings\administrator\local settings\application data\WMTools Downloaded Files
    2010-05-23 06:33:04 -------- d-----w- c:\windows\ie8updates
    2010-05-22 06:48:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-05-22 06:48:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-05-22 06:48:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-05-22 06:48:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-05-22 06:48:19 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-05-17 07:24:04 -------- d-----w- c:\documents and settings\all users\application data\Seagate
    2010-05-17 07:23:21 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Downloaded Installations
    2010-05-17 07:23:14 -------- d-----w- c:\program files\Carbonite
    2010-05-17 07:23:13 -------- d-sh--w- c:\windows\ftpcache
    2010-05-17 07:21:59 -------- d-----w- c:\program files\Seagate
    2010-05-17 07:21:59 -------- d-----w- c:\program files\common files\muvee Technologies
    2010-05-17 04:31:40 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
    2010-05-17 04:30:36 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
    2010-05-17 04:24:44 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
    2010-05-17 04:06:23 -------- d-----w- C:\fdefcdb7e35ca747655eff4d2dee
    2010-05-17 03:53:34 -------- dc-h--w- c:\windows\ie8
    2010-05-17 03:51:28 -------- d-----w- c:\documents and settings\administrator\local settings\application data\PCHealth
    2010-05-16 06:34:09 -------- d-----w- c:\windows\ServicePackFiles
    2010-05-15 11:21:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Microsoft Help
    2010-02-04 00:06:10 17204608 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
    2010-01-02 23:59:32 282624 ----a-w- c:\windows\SYSTEMIL.EXE
    2010-01-02 23:59:32 282624 ----a-w- C:\Games.exe
    2009-11-27 17:33:35 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
    2009-11-27 16:37:27 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
    2009-11-27 16:37:27 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
    2009-10-20 14:58:48 263552 -c----w- c:\windows\system32\dllcache\http.sys
    2009-10-09 17:40:46 2594632 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
    2009-08-19 11:37:18 1415000 ----a-w- c:\windows\system32\msxml6.dll
    2009-08-17 18:03:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-07-20 18:35:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
    2009-07-02 12:38:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Temp
    2009-06-12 19:45:00 1661792 ----a-w- c:\program files\common files\microsoft shared\office12\OGL.DLL
    2009-06-04 03:25:58 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Logitech-LS
    2009-05-26 06:04:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google
    2009-05-26 06:01:58 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment
    2009-05-26 05:28:04 -------- d-----w- c:\program files\MSXML 6.0
    2009-05-25 19:44:48 -------- d-----w- c:\windows\system32\CatRoot_bak
    2009-05-25 19:18:13 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
    2009-05-25 19:08:43 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2009-05-25 19:08:43 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2009-04-03 13:16:26 97640 ----a-w- c:\program files\common files\microsoft shared\office12\EXP_PDF.DLL
    2009-04-03 12:29:44 79728 ----a-w- c:\program files\common files\microsoft shared\office12\1033\xlsrvintl.dll
    2009-04-02 07:37:44 186240 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\office.en-us\OSETUPUI.DLL
    2009-04-02 07:37:10 6540120 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\OSETUP.DLL
    2009-04-02 07:36:52 439160 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\SETUP.EXE
    2009-04-02 07:36:42 231848 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\ODEPLOY.EXE
    2009-04-02 06:32:04 11632 ----a-w- c:\program files\common files\microsoft shared\office12\1033\OLBINTL.DLL
    2009-04-02 06:32:04 10339712 ----a-w- c:\program files\common files\microsoft shared\office12\1033\MSOINTL.DLL
    2009-04-02 06:32:02 45968 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\OSETUPPS.DLL
    2009-04-02 06:32:02 14720 ----a-w- c:\program files\common files\microsoft shared\smart tag\SmartTagInstall.exe
    2009-04-02 06:32:00 552816 ----a-w- c:\program files\common files\microsoft shared\office12\OFFLB.EXE
    2009-04-02 06:32:00 17792 ----a-w- c:\program files\common files\microsoft shared\office12\OPHPROXY.DLL
    2009-04-02 06:32:00 15760 ----a-w- c:\program files\common files\microsoft shared\office12\OPTINPS.DLL
    2009-04-02 06:32:00 12616 ----a-w- c:\program files\common files\microsoft shared\office12\OFFREL.DLL
    2009-04-02 06:31:58 6637936 ----a-w- c:\program files\common files\microsoft shared\office12\MSORES.DLL
    2009-04-02 06:31:58 42864 ----a-w- c:\program files\common files\microsoft shared\office12\MSSH.DLL
    2009-04-02 06:31:46 18816 ----a-w- c:\program files\common files\microsoft shared\office12\MSMH.DLL
    2009-04-02 06:31:44 70000 ----a-w- c:\program files\common files\microsoft shared\office12\LBGHOST.DLL
    2009-04-02 06:31:44 56680 ----a-w- c:\program files\common files\microsoft shared\office12\EXP_XPS.DLL
    2009-04-02 06:31:44 177520 ----a-w- c:\program files\common files\microsoft shared\smart tag\IETAG.DLL
    2009-03-08 08:52:46 1241088 ------w- c:\windows\system32\ieframe.dll.mui
    2009-03-08 08:52:30 49152 ------w- c:\windows\system32\msrating.dll.mui
    2009-03-08 08:52:18 2560 ------w- c:\windows\system32\mshta.exe.mui
    2009-03-08 08:51:06 4096 ------w- c:\windows\system32\ie4uinit.exe.mui
    2009-03-08 08:51:06 10240 ------w- c:\windows\system32\advpack.dll.mui
    2009-03-08 08:50:54 81920 ------w- c:\windows\system32\iedkcs32.dll.mui
    2009-03-07 23:05:32 742912 ------w- c:\program files\internet explorer\iedvtool.dll
    2009-03-07 23:05:12 233984 ------w- c:\program files\internet explorer\jsprofilerui.dll
    2009-03-07 23:05:04 2048 ------w- c:\program files\internet explorer\iecompat.dll
    2009-03-07 23:05:04 144384 ------w- c:\program files\internet explorer\ExtExport.exe
    2009-03-07 23:05:04 118272 ------w- c:\program files\internet explorer\JSProfilerCore.dll
    2009-03-07 23:05:02 521216 ------w- c:\program files\internet explorer\jsdbgui.dll
    2009-03-07 23:05:02 121344 ------w- c:\program files\internet explorer\jsdebuggeride.dll
    2009-03-07 23:03:18 12800 ----a-w- c:\program files\internet explorer\xpshims.dll
    2009-03-05 23:40:32 47472 ----a-w- c:\program files\common files\microsoft shared\office12\MSE7.EXE
    2009-03-05 21:17:58 575416 ----a-w- c:\program files\common files\microsoft shared\office12\ACEDAO.DLL
    2009-03-05 21:17:58 47008 ----a-w- c:\program files\common files\microsoft shared\office12\ACEERR.DLL
    2009-03-05 21:17:58 190400 ----a-w- c:\program files\common files\microsoft shared\office12\ACEES.DLL
    2009-03-05 21:17:56 1759136 ----a-w- c:\program files\common files\microsoft shared\office12\ACECORE.DLL
    2009-02-13 23:34:38 756040 ----a-w- c:\program files\common files\microsoft shared\office12\MSPTLS.DLL
    2009-02-05 06:07:00 1117568 ----a-w- c:\program files\common files\microsoft shared\filters\offfiltx.dll
    2009-01-07 12:50:54 134144 -c----w- c:\windows\system32\dllcache\sqmapi.dll
    2009-01-07 12:50:54 134144 ------w- c:\program files\internet explorer\sqmapi.dll
    2009-01-07 12:50:38 24576 ----a-w- c:\windows\system32\nlsdl.dll
    2009-01-07 12:50:18 355832 ------w- c:\program files\internet explorer\pdm.dll
    2009-01-07 12:50:18 265720 ----a-w- c:\windows\system32\msdbg2.dll
    2008-12-15 10:34:33 122880 ----a-w- c:\windows\system32\SVCHOST32.EXE
    2008-12-03 23:30:58 969552 ----a-r- c:\program files\common files\microsoft shared\textconv\wkcvqd01.dll
    2008-12-03 23:30:58 279904 ----a-r- c:\program files\common files\microsoft shared\textconv\wkls31.dll
    2008-12-03 23:30:58 162640 ----a-r- c:\program files\common files\microsoft shared\textconv\wkcvqr01.dll
    2008-11-24 16:47:18 983944 ----a-w- c:\program files\common files\microsoft shared\web server extensions\12\bin\FPWEC.DLL
    2008-11-20 18:32:30 988040 ----a-w- c:\program files\common files\microsoft shared\office12\msoshext.dll
    2008-11-20 18:28:22 972632 ----a-w- c:\program files\common files\microsoft shared\web folders\MSONSEXT.DLL
    2008-11-20 18:28:20 1011544 ----a-w- c:\program files\common files\system\ole db\MSDAIPP.DLL
    2008-11-10 06:08:42 27000 ----a-w- c:\program files\common files\microsoft shared\euro\MSOEURO.DLL
    2008-11-09 20:57:52 31592 ----a-w- c:\program files\common files\microsoft shared\filters\msgfilt.dll
    2008-11-03 22:43:02 118128 ----a-w- c:\program files\common files\microsoft shared\textconv\MSCONV97.DLL
    2008-11-03 22:36:08 208816 ----a-w- c:\program files\common files\microsoft shared\office12\ACEWSS.DLL
    2008-11-03 22:19:02 66424 ----a-w- c:\program files\common files\microsoft shared\office12\MSOMSE.DLL
    2008-11-03 22:19:02 460680 ----a-w- c:\program files\common files\microsoft shared\office12\MODHELP.DLL
    2008-11-03 21:39:04 77200 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWSTRUCT.DLL
    2008-11-03 21:39:04 532872 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\XPAGE3C.DLL
    2008-11-03 21:39:04 19840 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWRECS.DLL
    2008-11-03 21:39:04 1196944 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\XIMAGE3B.DLL
    2008-11-03 21:39:02 58224 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWLAY32.DLL
    2008-11-03 21:39:02 51576 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWRECE.DLL
    2008-11-03 21:39:02 33656 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWRECC.DLL
    2008-11-03 21:39:02 27520 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWORIENT.DLL
    2008-11-03 21:39:00 87928 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWCUTLIN.DLL
    2008-11-03 21:39:00 127360 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWCUTCHR.DLL
    2008-11-03 21:38:58 77208 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\PSOM.DLL
    2008-11-03 21:38:58 76152 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\FORM.DLL
    2008-11-03 21:38:58 30032 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\THOCRAPI.DLL
    2008-11-03 21:38:58 20360 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\BINDER.DLL
    2008-11-03 21:38:58 19840 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\REVERSE.DLL
    2008-11-03 20:30:08 1079136 ----a-w- c:\program files\common files\microsoft shared\office12\RICHED20.DLL
    2008-11-03 20:14:24 814464 ----a-w- c:\program files\common files\microsoft shared\dw\DW20.EXE
    2008-11-03 20:14:24 439632 ----a-w- c:\program files\common files\microsoft shared\dw\DWDCW20.DLL
    2008-11-03 20:14:24 435096 ----a-w- c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
    2008-11-03 19:36:30 2872688 ----a-w- c:\program files\common files\microsoft shared\office12\OFFDIAG.EXE
    2008-11-03 19:36:28 441712 ----a-w- c:\program files\common files\microsoft shared\office12\ODSERV.EXE
    2008-11-03 18:09:44 179128 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ACEINTL.DLL
    2008-11-03 17:07:08 50040 ----a-w- c:\program files\common files\system\msmapi\1033\MSMAPI32.DLL
    2008-10-26 00:12:18 16216 ----a-w- c:\program files\common files\microsoft shared\portal\1033\PortalConnect.dll
    2008-10-26 00:12:16 482656 ----a-w- c:\program files\common files\microsoft shared\portal\PortalConnectCore.dll
    2008-10-25 08:09:38 290632 ----a-w- c:\program files\common files\microsoft shared\msclientdatamgr\MSCDM.DLL
    2008-10-25 03:57:54 44408 ----a-w- c:\program files\common files\microsoft shared\office12\MSOXMLMF.DLL
    2008-10-25 01:08:38 145224 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ALRTINTL.DLL
    2008-10-25 00:48:52 89464 ----a-w- c:\program files\common files\microsoft shared\smart tag\METCONV.DLL
    2008-10-25 00:01:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODTXT.DLL
    2008-10-25 00:01:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODPDX.DLL
    2008-10-25 00:01:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODEXL.DLL
    2008-10-25 00:01:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODDBS.DLL
    2008-10-24 22:08:36 1682800 ----a-w- c:\program files\common files\microsoft shared\web server extensions\12\bin\FPSRVUTL.DLL
    2008-10-24 17:20:52 436584 ----a-w- c:\program files\common files\microsoft shared\msorun\MSORUN.DLL
    2008-10-24 16:51:26 505192 ----a-w- c:\program files\common files\microsoft shared\office12\MSSOAP30.DLL
    2008-10-24 15:44:58 6040432 ----a-w- c:\program files\common files\system\ole db\msmgdsrv.dll
    2008-10-24 15:44:58 4298096 ----a-w- c:\program files\common files\system\ole db\msolap90.dll
    2008-10-24 15:44:58 276336 ----a-w- c:\program files\common files\system\ole db\msolui90.dll
    2008-10-24 15:44:58 15926640 ----a-w- c:\program files\common files\system\ole db\msmdlocal.dll
    2008-09-17 16:47:08 1425912 ----a-w- c:\program files\common files\microsoft shared\office11\msxml5.dll
    2008-08-25 17:20:22 155648 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\1033\VBE6INTL.DLL
    2008-07-29 15:40:04 73720 ----a-w- c:\windows\system32\dxva2.dll
    2008-07-29 15:40:04 493048 ----a-w- c:\windows\system32\evr.dll
    2008-07-29 15:40:04 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2008-07-29 15:05:46 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2008-07-29 14:29:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2008-07-29 14:29:58 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2008-07-29 14:29:58 161296 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2008-07-29 14:29:58 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2008-07-29 13:54:50 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2008-07-29 13:54:50 622080 ----a-w- c:\windows\system32\icardagt.exe
    2008-07-29 13:54:50 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
    2008-07-29 13:54:50 11264 ----a-w- c:\windows\system32\icardres.dll
    2008-07-29 00:19:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
    2008-07-25 05:46:58 83968 ----a-w- c:\windows\system32\mscories.dll
    2008-07-25 05:46:58 282112 ----a-w- c:\windows\system32\mscoree.dll
    2008-07-25 05:46:58 158720 ----a-w- c:\windows\system32\mscorier.dll
    2008-07-25 05:46:58 158720 ----a-w- c:\program files\internet explorer\mui\0409\mscorier.dll
    2008-07-25 05:46:46 96760 ----a-w- c:\windows\system32\dfshim.dll
    2007-06-24 01:44:32 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2007-06-22 01:19:23 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2007-06-22 01:19:23 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2007-06-22 01:19:23 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2007-06-22 01:19:23 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2007-05-25 05:07:22 131072 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2007-05-16 14:33:59 -------- d-----w- c:\program files\Microsoft Letteris
    2007-05-16 14:32:21 -------- d-----w- c:\program files\Microsoft Dots
    2007-05-16 13:47:51 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Identities
    2007-05-16 13:47:48 -------- d-----w- c:\documents and settings\administrator\application data\Windows Desktop Search
    2007-05-07 06:54:33 -------- d-----w- C:\Root C
    2007-05-07 06:46:49 -------- d-----w- C:\My Documents
    2007-04-27 04:12:00 65536 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2007-04-27 04:12:00 49152 ----a-w- c:\windows\system32\QuickTime.qts
    2007-04-04 07:21:24 -------- d-----w- c:\program files\Windows Installer Clean Up
    2007-03-15 09:17:14 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2007-03-15 09:17:13 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2007-03-12 11:26:11 -------- d-----w- c:\windows\system32\XPSViewer
    2007-03-12 11:24:43 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2007-03-12 11:24:21 14048 ------w- c:\windows\system32\spmsg2.dll
    2007-02-22 13:17:36 444064 ----a-w- c:\windows\system32\VSFLEX7L.OCX
    2007-02-22 13:17:36 362200 ----a-w- c:\windows\system32\VSPRINT7.ocx
    2007-02-22 13:17:36 238512 ----a-w- c:\windows\system32\SizerOne.ocx
    2007-02-22 13:17:36 -------- d-----w- c:\program files\DesktopOrganizer6
    2007-02-02 06:11:14 36864 ----a-w- c:\windows\system32\SDDEVMGR.dll
    2007-01-16 08:18:58 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2007-01-04 07:04:50 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2007-01-04 07:04:50 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2007-01-04 06:11:30 -------- d-----w- c:\windows\SxsCaPendDel
    2007-01-02 04:36:15 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2007-01-02 04:36:15 22016 ----a-w- c:\windows\system32\drivers\MSIRCOMM.sys
    2006-12-15 03:35:28 2362184 ----a-w- c:\windows\system32\SET82.tmp
    2006-12-01 20:38:40 625152 ----a-w- c:\program files\common files\microsoft shared\vc\msdia80.dll
    2006-11-27 06:22:10 -------- d-----w- c:\windows\pss
    2006-11-15 06:31:27 -------- d-----w- C:\e2013d93f184e6446c0b56
    2006-11-13 08:09:16 105256 ----a-w- c:\program files\common files\microsoft shared\notesync forms\VCOMCtl.dll
    2006-11-13 08:09:14 84776 ----a-w- c:\program files\common files\microsoft shared\notesync forms\FormDll.dll
    2006-11-13 08:09:14 76584 ----a-w- c:\program files\common files\microsoft shared\notesync forms\InkProps.dll
    2006-11-13 08:08:58 47912 ----a-w- c:\program files\common files\microsoft shared\notesync forms\VoiceBar.dll
    2006-11-13 08:08:52 36136 ----a-w- c:\program files\common files\microsoft shared\notesync forms\inkx.dll
    2006-11-13 08:08:28 95016 ----a-w- c:\program files\common files\microsoft shared\notesync forms\InkForm.exe
    2006-11-13 08:08:26 95016 ----a-w- c:\program files\common files\microsoft shared\notesync forms\VoiceFrm.exe
    2006-10-27 09:40:08 44304 ----a-w- c:\program files\common files\microsoft shared\office12\MSOXEV.DLL
    2006-10-26 16:11:50 59152 ----a-w- c:\program files\common files\microsoft shared\office12\MSOXMLED.EXE
    2006-10-26 14:43:46 826232 ----a-w- c:\program files\common files\microsoft shared\office12\ACEWDAT.DLL
    2006-10-26 14:43:44 764800 ----a-w- c:\program files\common files\microsoft shared\office12\ACECNF.DLL
    2006-10-26 14:43:24 125824 ----a-w- c:\program files\common files\microsoft shared\office12\ACECNFLT.EXE
    2006-10-26 14:43:20 52024 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ACEODBCI.DLL
    2006-10-26 14:43:16 49536 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ACECNFRC.DLL
    2006-10-26 14:43:14 35640 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ACERECR.DLL
    2006-10-26 14:42:48 153424 ----a-w- c:\program files\common files\microsoft shared\translat\MSB1CORE.DLL
    2006-10-26 14:42:40 87352 ----a-w- c:\program files\common files\microsoft shared\msinfo\OINFOP12.EXE
    2006-10-26 14:42:28 56656 ----a-w- c:\program files\common files\microsoft shared\translat\MSB1XTOR.DLL
    2006-10-26 14:42:26 40256 ----a-w- c:\program files\common files\microsoft shared\web folders\MSOSV.DLL
    2006-10-26 14:42:16 18744 ----a-w- c:\program files\common files\microsoft shared\msinfo\OINFOS12.DLL
    2006-10-26 14:42:06 11072 ----a-w- c:\program files\common files\microsoft shared\web folders\1033\MSOSVINT.DLL
    2006-10-26 14:22:42 59736 ----a-w- c:\program files\common files\microsoft shared\office12\1033\MSEINTL.DLL
    2006-10-26 14:22:40 12104 ----a-w- c:\program files\common files\microsoft shared\office12\1033\MODHLPUI.DLL
    2006-10-26 14:19:44 75552 ----a-w- c:\program files\common files\microsoft shared\web folders\1033\NSEXTINT.DLL
    2006-10-26 14:19:44 163104 ----a-w- c:\program files\common files\system\ole db\MSDAPML.DLL
    2006-10-26 14:19:36 30512 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ODINTL.DLL
    2006-10-26 14:18:12 108872 ----a-w- c:\program files\common files\microsoft shared\dw\1033\DWINTL20.DLL
    2006-10-26 14:17:10 20304 ----a-w- c:\program files\common files\microsoft shared\office12\MUOPTIN.DLL
    2006-10-26 13:51:52 256312 ----a-w- c:\program files\common files\microsoft shared\smart tag\MOFL.DLL
    2006-10-26 13:51:52 149816 ----a-w- c:\program files\common files\microsoft shared\smart tag\FPERSON.DLL
    2006-10-26 13:51:50 131896 ----a-w- c:\program files\common files\microsoft shared\smart tag\FPLACE.DLL
    2006-10-26 13:51:48 82232 ----a-w- c:\program files\common files\microsoft shared\smart tag\FBIBLIO.DLL
    2006-10-26 13:51:48 73016 ----a-w- c:\program files\common files\microsoft shared\smart tag\FNAME.DLL
    2006-10-26 13:51:48 115512 ----a-w- c:\program files\common files\microsoft shared\smart tag\FSTOCK.DLL
    2006-10-26 13:51:44 72504 ----a-w- c:\program files\common files\microsoft shared\smart tag\FDATE.DLL
    2006-10-26 13:51:44 19256 ----a-w- c:\program files\common files\microsoft shared\smart tag\1033\STINTL.DLL
    2006-10-26 08:40:06 33088 ----a-w- c:\windows\system32\FM20ENU.DLL
    2006-10-26 08:36:22 93968 ----a-w- c:\program files\common files\microsoft shared\office12\MSOICONS.EXE
    2006-10-26 08:33:08 145184 ----a-w- c:\program files\common files\microsoft shared\source engine\OSE.EXE
    2006-10-26 08:28:12 14656 ----a-w- c:\program files\common files\microsoft shared\textconv\WPEQU532.DLL
    2006-10-26 08:26:38 123720 ----a-w- c:\program files\common files\microsoft shared\office12\WISC30.DLL
    2006-10-26 08:26:34 41288 ----a-w- c:\program files\common files\microsoft shared\office12\1033\MSSOAPR3.DLL
    2006-10-26 08:15:06 31960 ----a-w- c:\program files\common files\microsoft shared\vsta\8.0\x86\VSTARemotingServer.dll
    2006-10-26 08:15:06 20160 ----a-w- c:\program files\common files\microsoft shared\vsta\8.0\x86\vsta_ep32.exe
    2006-10-26 08:15:02 873216 ----a-w- c:\program files\common files\microsoft shared\help\hxds.dll
    2006-10-26 08:15:02 268552 ----a-w- c:\program files\common files\microsoft shared\help\msitss55.dll
    2006-10-26 08:15:02 1659656 ----a-w- c:\program files\common files\microsoft shared\help\ITIRCL55.DLL
    2006-10-26 08:15:00 4608 ----a-w- c:\program files\common files\microsoft shared\msenv\publicassemblies\extensibility.dll
    2006-10-26 08:13:02 274432 ----a-w- c:\program files\common files\microsoft shared\ink\IACom.dll
    2006-10-26 08:13:02 155488 ----a-w- c:\program files\common files\microsoft shared\ink\rtscom.dll
    2006-10-26 08:11:56 91912 ----a-w- c:\program files\common files\microsoft shared\office11\1033\msxml5r.dll
    2006-10-26 08:11:16 167200 ----a-w- c:\program files\common files\system\ole db\xmlrw.dll
    2006-10-26 08:11:16 121120 ----a-w- c:\program files\common files\system\ole db\xmlrwbin.dll
    2006-10-24 07:00:20 412160 ------w- c:\windows\system32\photometadatahandler.dll
    2006-10-24 07:00:06 716288 ------w- c:\windows\system32\WindowsCodecs.dll
    2006-10-24 07:00:00 276992 ------w- c:\windows\system32\WMPhoto.dll
    2006-10-24 06:59:50 352256 ------w- c:\windows\system32\WindowsCodecsExt.dll
    2006-10-23 22:43:55 -------- d-----w- c:\program files\Windows Desktop Search
    2006-10-22 17:54:32 91768 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2006-10-20 16:00:06 1980704 ----a-w- c:\windows\system32\milcore.dll
    2006-10-14 18:42:39 -------- d-----w- c:\program files\MSXML 4.0
    2006-10-14 14:52:00 1676288 -c--a-w- c:\windows\system32\dllcache\xpssvcs.dll
    2006-10-14 14:52:00 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
    2006-10-14 14:51:58 575488 -c--a-w- c:\windows\system32\dllcache\xpsshhdr.dll
    2006-10-14 14:51:58 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
    2006-10-14 11:14:44 597504 -c--a-w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2006-10-14 11:14:44 597504 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2006-10-14 11:13:38 117760 ----a-w- c:\windows\system32\prntvpt.dll
    2006-10-14 11:13:18 89088 -c--a-w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2006-10-05 05:47:18 633664 ----a-w- c:\program files\common files\microsoft shared\proof\MSTH3FR.DLL
    2006-09-26 15:31:30 2113536 ----a-w- c:\program files\common files\system\ole db\MSOLAP80.DLL
    2006-09-14 17:33:20 -------- d-----w- c:\program files\System Center Operations Manager 2007
    2006-09-12 11:06:12 21256 ----a-w- c:\program files\common files\microsoft shared\help\1031\hxdsui.dll
    2006-09-12 11:06:12 20744 ----a-w- c:\program files\common files\microsoft shared\help\3082\hxdsui.dll
    2006-09-12 11:06:12 19720 ----a-w- c:\program files\common files\microsoft shared\help\1049\hxdsui.dll
    2006-09-12 11:06:12 18696 ----a-w- c:\program files\common files\microsoft shared\help\1028\hxdsui.dll
    2006-09-12 11:06:10 19720 ----a-w- c:\program files\common files\microsoft shared\help\1046\hxdsui.dll
    2006-09-12 11:06:08 18696 ----a-w- c:\program files\common files\microsoft shared\help\1042\hxdsui.dll
    2006-09-12 11:06:08 18696 ----a-w- c:\program files\common files\microsoft shared\help\1041\hxdsui.dll
    2006-09-12 11:06:06 20744 ----a-w- c:\program files\common files\microsoft shared\help\1040\hxdsui.dll
    2006-09-12 11:06:06 20744 ----a-w- c:\program files\common files\microsoft shared\help\1036\hxdsui.dll
    2006-09-12 11:06:04 18696 ----a-w- c:\program files\common files\microsoft shared\help\2052\hxdsui.dll
    2006-09-12 11:06:04 18696 ----a-w- c:\program files\common files\microsoft shared\help\1033\hxdsui.dll
    2006-08-29 05:02:10 249856 ----a-w- c:\windows\system32\AdtAgent.exe
    2006-08-29 04:52:26 40960 ----a-w- c:\windows\system32\AcsMsgs.dll
    2006-08-24 10:45:06 150808 ----a-w- c:\windows\system32\rgb9rast_2.dll
    2006-08-21 21:43:34 -------- d-----w- c:\program files\MS Review
    2006-08-21 08:38:18 551232 ----a-w- c:\program files\common files\microsoft shared\proof\MSSP3FR.DLL
    2006-08-11 20:24:52 348160 ----a-w- c:\program files\common files\microsoft shared\office12\vs runtime\MSVCR71.DLL
    2006-08-01 08:20:00 1100560 ----a-w- c:\program files\common files\microsoft shared\proof\3082\MSGR3ES.DLL
    2006-08-01 08:19:52 408336 ----a-w- c:\program files\common files\microsoft shared\proof\MSHY3FR.DLL
    2006-08-01 08:19:48 68440 ----a-w- c:\program files\common files\microsoft shared\proof\MSHYPH2.DLL
    2006-07-28 03:43:59 -------- d-----w- c:\program files\MSECache
    2006-07-26 10:57:18 576320 ----a-w- c:\program files\common files\microsoft shared\proof\MSLID.DLL
    2006-07-25 07:50:22 6317328 ----a-w- c:\program files\common files\microsoft shared\proof\1036\MSGR3FR.DLL
    2006-07-24 05:20:40 47920 ----a-w- c:\windows\system32\VBAME.DLL
    2006-07-24 05:20:40 39728 ----a-w- c:\windows\system32\SCP32.DLL
    2006-07-24 05:20:38 125744 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2006-07-13 08:03:08 3152704 ----a-w- c:\program files\common files\microsoft shared\proof\1033\MSGR3EN.DLL
    2006-07-10 04:18:30 27920 ----a-w- c:\windows\system32\drivers\ino_flpy.sys
    2006-07-07 03:34:58 161296 ----a-w- c:\windows\system32\drivers\ino_fltr.sys
    2006-06-10 07:42:56 82176 ----a-w- c:\windows\system32\drivers\gpccard.sys
    2006-06-01 18:47:07 27648 -c----w- c:\windows\system32\dllcache\jgpl400.dll
    2006-06-01 18:47:07 163840 -c----w- c:\windows\system32\dllcache\jgdw400.dll
    2006-05-10 13:42:35 274288 ----a-w- c:\windows\system32\mucltui.dll
    2006-05-05 09:41:45 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2006-04-24 04:05:00 854152 ----a-w- c:\program files\common files\microsoft shared\proof\MSTH3ES.DLL
    2006-04-24 03:28:00 919696 ----a-w- c:\program files\common files\microsoft shared\proof\MSHY3ES.DLL
    2006-04-15 06:58:58 28672 ------w- c:\windows\system32\verclsid.exe
    2006-04-14 06:29:58 33792 ------w- c:\program files\internet explorer\custsat.dll
    2006-04-14 06:29:58 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
    2006-04-14 06:29:58 11070976 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
    2006-03-30 15:22:53 -------- d-----w- c:\windows\ms
    2006-03-30 14:55:55 109264 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\IPSecCheck.exe
    2006-03-30 14:55:54 109264 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\IPSecCheckServer.exe
    2006-03-20 08:06:08 26112 ----a-w- c:\windows\system32\idndl.dll
    2006-03-20 08:06:08 23552 ----a-w- c:\windows\system32\normaliz.dll
    2006-03-10 06:08:46 96960 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\SRUDiags.exe
    2006-03-10 06:08:46 58624 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\ConfigureOneCare.exe
    2006-02-18 00:37:13 101176 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\PatchIT.exe
    2006-02-18 00:37:12 117560 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\PatchITServer.exe
    2006-02-09 10:50:00 334560 ----a-w- c:\windows\system32\ccmcore.dll
    2006-02-09 10:50:00 13536 ----a-w- c:\windows\ISMIF32.dll
    2005-12-05 16:52:37 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2005-12-05 16:52:37 21504 ----a-w- c:\windows\system32\hidserv.dll
    2005-10-07 14:03:15 -------- d-----w- c:\program files\Plaxo
    2005-10-05 00:38:04 720384 ------w- C:\theme generator 1.0.msi
    2005-10-04 23:41:04 -------- d-----w- c:\program files\Audio Converter
    2005-09-11 07:09:42 -------- d-----w- c:\program files\Skype
    2005-09-08 08:03:50 86728 ----a-w- c:\windows\system32\msxml6r.dll
    2005-09-06 20:46:53 90416 ------w- c:\windows\system32\drivers\meiudf.sys
    2005-09-06 20:46:53 155648 ------w- c:\windows\system32\RAMASST.exe
    2005-09-06 20:46:53 135168 ------w- c:\windows\system32\DVDMenu.dll
    2005-09-06 20:46:53 106496 ------w- c:\windows\system32\DVDRAMSV.exe
    2005-09-06 20:46:52 -------- d-----w- c:\program files\DVD-RAM
    2005-09-06 20:44:36 -------- d-----w- C:\DVDRam.temp
    2005-09-06 20:43:34 -------- d-----w- c:\program files\Maxtor
    2005-09-05 15:42:11 -------- d-----w- c:\program files\Visimation
    2005-07-22 20:18:33 -------- d-----w- c:\program files\PRM
    2005-07-19 20:45:22 25792 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr.dll
    2005-07-19 20:45:21 43200 ----a-w- c:\windows\system32\lmdimon.dll
    2005-07-13 16:50:35 -------- d-----w- c:\program files\Potala Software
    2005-07-08 02:23:15 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
    2005-07-05 19:24:58 1160904 ----a-w- c:\program files\common files\microsoft shared\web server extensions\60\bin\FPSRVUTL.DLL
    2005-06-29 19:00:51 -------- d-----w- c:\windows\system32\PreInstall
    2005-06-18 14:19:34 -------- d-----w- c:\program files\Yahoo!
    2005-06-18 14:14:52 28672 ----a-w- c:\windows\system32\vidcap.ax
    2005-06-18 14:14:51 90624 ----a-w- c:\windows\system32\kswdmcap.ax
    2005-06-18 14:14:51 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2005-06-18 14:14:46 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2005-06-18 14:14:46 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2005-06-18 14:14:46 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2005-06-18 06:48:21 53248 ----a-r- c:\windows\system32\InstMed.exe
    2005-06-18 06:48:17 372736 ----a-w- c:\windows\system32\LVUI2RC.dll
    2005-06-18 06:48:17 22016 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
    2005-06-18 06:48:17 204800 ----a-w- c:\windows\system32\LVUI2.dll
    2005-06-18 06:48:17 204800 ----a-w- c:\windows\system32\LVCodec2.dll
    2005-06-18 06:48:17 106496 ----a-w- c:\windows\system32\lvcoinst.dll
    2005-06-18 06:48:16 348160 ----a-w- c:\windows\system\msvcr71.dll
    2005-06-18 06:48:16 326656 ----a-w- c:\windows\system32\drivers\Camdrl.sys
    2005-06-18 06:48:16 2180096 ----a-w- c:\windows\system32\drivers\lvsvf2.sys
    2005-06-18 06:48:16 139264 ----a-w- c:\windows\system\CamExL20.dll
    2005-06-18 06:46:52 724992 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iKernel.dll
    2005-06-18 06:46:52 69715 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\ctor.dll
    2005-06-18 06:46:52 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
    2005-06-18 06:46:52 266240 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iscript.dll
    2005-06-18 06:46:52 192512 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iuser.dll
    2005-06-18 06:46:51 184452 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iGdi.dll
    2005-06-18 06:46:50 311428 -c--a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\Setup.dll
    2005-06-18 05:47:45 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2005-06-18 05:47:45 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2005-06-18 05:45:25 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2005-06-18 05:45:25 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2005-06-15 19:35:40 -------- d-----w- c:\program files\Microsoft Money 2005
    2005-06-08 17:52:10 -------- d-----w- c:\program files\Microsoft Voice Command
    2005-06-02 16:44:41 -------- d-----w- c:\program files\Enhanced Telephony
    2005-05-26 11:19:32 215920 ----a-w- c:\windows\system32\muweb.dll
    2005-05-19 21:17:53 -------- d-----w- c:\windows\system32\DRM
    2005-05-18 13:29:18 203976 ----a-r- c:\windows\system32\RICHTX32.OCX
    2005-05-18 13:29:16 24064 ----a-r- c:\windows\system32\msxml3a.dll
    2005-05-18 13:29:11 -------- d-----w- c:\program files\swift
    2005-05-09 21:59:38 1716736 ----a-w- c:\program files\messenger\Msmsgs.exe
    2005-05-09 21:59:26 72704 ----a-w- c:\program files\messenger\Msgsc.dll
    2005-05-09 21:59:26 196096 -c--a-w- c:\program files\messenger\msimnetc.dll
    2005-05-09 21:59:24 201216 -c--a-w- c:\program files\messenger\msimmsgr.dll
    2005-05-09 21:58:54 348160 ----a-w- c:\program files\messenger\msvcr71.dll
    2005-05-09 21:58:54 28672 -c--a-w- c:\program files\messenger\custsat.dll
    2005-05-09 21:57:50 182784 ----a-w- c:\program files\messenger\msgslang.dll
    2005-05-09 21:54:34 215232 -c--a-w- c:\program files\messenger\rtcimsp.dll
    2005-05-09 16:24:51 -------- d-----w- c:\program files\Microsoft
    2005-05-04 07:06:32 1411816 ----a-w- c:\program files\common files\system\ole db\MSDMINE.DLL
    2005-05-04 07:06:30 1071856 ----a-w- c:\program files\common files\system\ole db\MSMDGD80.DLL
    2005-05-04 07:06:28 465640 ----a-w- c:\program files\common files\system\ole db\MSDMENG.DLL
    2005-05-04 07:06:26 240360 ----a-w- c:\program files\common files\system\ole db\MSMDCB80.DLL
    2005-05-04 07:06:26 228152 ----a-w- c:\program files\common files\system\ole db\MSOLUI80.DLL
    2005-05-04 07:06:26 199408 ----a-w- c:\program files\common files\system\ole db\MSMDUN80.DLL
    2005-04-24 20:27:38 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2005-04-24 20:27:36 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2005-04-24 20:27:34 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2005-04-24 20:27:34 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2005-04-22 06:26:12 362 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\CSCredH.reg
    2005-04-22 06:26:12 26 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\ips5_2d.bat
    2005-04-22 06:26:12 201 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\ips5_2e.bat
    2005-04-22 06:26:12 142160 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\CSQFINST.EXE
    2005-04-22 06:25:57 142152 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\CSPunchIt.exe
    2005-04-22 06:25:57 113440 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\CSCredH.exe
    2005-04-22 06:24:21 65536 ----a-w- c:\windows\system32\SMSRsGenCtl.dll
    2005-04-22 06:24:21 19456 ----a-w- c:\windows\system32\SMSRsGen.dll
    2005-04-19 23:29:10 -------- d-----w- c:\windows\system32\NtmsData
    2005-04-19 21:11:25 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
    2005-04-19 21:11:25 17408 ----a-w- c:\windows\system32\drivers\gpr400.sys
    2005-04-19 01:40:28 163840 ----a-w- c:\windows\system32\GemPCCardCoInstaller.dll
    2005-04-15 22:23:48 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
    2005-04-11 16:50:05 -------- d-----w- c:\program files\ItsDeductibleEX
    2005-04-11 16:48:57 110592 ----a-w- c:\windows\system32\tsccvid.dll
    2005-04-11 16:48:12 -------- d-----w- c:\documents and settings\all users\application data\Intuit
    2005-04-11 16:47:05 -------- d-----w- c:\program files\common files\Intuit
    2005-04-11 16:45:03 -------- d-----w- c:\program files\TurboTax
    2005-04-07 23:40:11 -------- d-----w- C:\WINNT
    2005-04-07 23:39:33 -------- d-----w- C:\DTToys
    2005-04-07 23:25:53 -------- d-----w- c:\program files\Theme Generator Smartphone
    2005-04-07 21:56:55 -------- d-----w- c:\windows\system32\LogFiles
    2005-04-07 21:47:51 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
    2005-04-07 21:47:51 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
    2005-04-07 21:47:51 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
    2005-04-07 21:47:51 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2005-04-07 16:37:06 -------- d-----w- c:\documents and settings\all users\SmsDm
    2005-04-07 04:31:23 33142 -c--a-w- c:\windows\system32\dllcache\cmbp0wdm.sys
    2005-04-07 04:31:23 33142 ----a-w- c:\windows\system32\drivers\cmbp0wdm.sys
    2005-04-06 18:49:26 -------- d-----r- C:\Favorites
    2005-04-06 09:50:02 469984 ----a-w- c:\windows\system32\RmActivate.exe
    2005-04-06 09:50:02 467424 ----a-w- c:\windows\system32\RmActivate_isv.exe
    2005-04-06 09:50:02 442336 ----a-w- c:\windows\system32\SecProc.dll
    2005-04-06 09:50:02 429024 ----a-w- c:\windows\system32\SecProc_isv.dll
    2005-04-06 09:50:02 355808 ----a-w- c:\windows\system32\RmActivate_ssp_isv.exe
    2005-04-06 09:50:02 351712 ----a-w- c:\windows\system32\RmActivate_ssp.exe
    2005-04-06 09:50:00 268768 ----a-w- c:\windows\system32\msdrm.dll
    2005-04-06 09:50:00 191456 ----a-w- c:\windows\system32\SecProc_ssp_isv.dll
    2005-04-06 09:50:00 191456 ----a-w- c:\windows\system32\SecProc_ssp.dll
    2005-04-06 00:45:47 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2005-04-06 00:37:13 -------- d-----w- c:\program files\IT Connection Manager
    2005-04-06 00:36:23 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2005-04-06 00:36:22 43008 --s-a-w- c:\windows\system32\pintool.exe
    2005-04-06 00:13:32 221184 ----a-w- c:\windows\system32\wmpns.dll
    2005-03-25 23:49:20 695488 ----a-w- c:\program files\common files\microsoft shared\web server extensions\60\bin\FPWEL.DLL
    2005-03-25 23:49:06 800960 ----a-w- c:\program files\common files\microsoft shared\web server extensions\60\bin\FPWEC.DLL
    2005-03-24 23:59:20 127366 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\RASPatch.vbe
    2005-02-16 12:50:02 100864 ------w- c:\documents and settings\all users\application data\microsoft\network\connections\cm\sru\cm_info.exe
    2005-02-09 02:18:54 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2005-02-09 02:18:54 4992 ----a-w- c:\windows\system32\drivers\toside.sys
    2005-02-09 02:17:02 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
    2005-02-09 02:17:02 5376 ----a-w- c:\windows\system32\drivers\viaide.sys
    2005-02-09 02:13:00 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
    2005-02-09 02:13:00 6656 ----a-w- c:\windows\system32\drivers\cmdide.sys
    2005-02-09 02:11:59 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
    2005-02-09 02:11:59 5248 ----a-w- c:\windows\system32\drivers\aliide.sys
    2005-02-09 02:07:49 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
    2005-02-09 02:07:49 36736 ----a-w- c:\windows\system32\drivers\ultra.sys
    2005-02-09 02:06:40 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
    2005-02-09 02:06:40 16000 ----a-w- c:\windows\system32\drivers\ini910u.sys
    2005-02-09 02:06:35 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
    2005-02-09 02:06:35 12032 ----a-w- c:\windows\system32\drivers\amsint.sys
    2005-02-09 02:06:32 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
    2005-02-09 02:06:32 23552 ----a-w- c:\windows\system32\drivers\ABP480N5.SYS
    2005-02-09 02:06:29 22400 -c--a-w- c:\windows\system32\dllcache\asc3350p.sys
    2005-02-09 02:06:29 22400 ----a-w- c:\windows\system32\drivers\asc3350p.sys
    2005-02-09 02:06:18 26496 -c--a-w- c:\windows\system32\dllcache\asc.sys
    2005-02-09 02:06:18 26496 ----a-w- c:\windows\system32\drivers\asc.sys
    2005-02-09 02:06:15 14848 -c--a-w- c:\windows\system32\dllcache\asc3550.sys
    2005-02-09 02:06:15 14848 ----a-w- c:\windows\system32\drivers\asc3550.sys
    2005-02-09 02:05:35 14720 -c--a-w- c:\windows\system32\dllcache\dac960nt.sys
    2005-02-09 02:05:35 14720 ----a-w- c:\windows\system32\drivers\dac960nt.sys
    2005-02-09 02:04:58 179584 -c--a-w- c:\windows\system32\dllcache\dac2w2k.sys
    2005-02-09 02:04:58 179584 ----a-w- c:\windows\system32\drivers\dac2w2k.sys
    2005-02-09 02:04:01 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
    2005-02-09 02:04:01 7680 ----a-w- c:\windows\system32\drivers\cd20xrnt.sys
    2005-02-09 01:59:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
    2005-02-09 01:59:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
    2005-02-09 01:58:56 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
    2005-02-09 01:58:56 18560 ----a-w- c:\windows\system32\drivers\i2omp.sys
    2005-02-09 01:58:07 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
    2005-02-09 01:58:07 45312 ----a-w- c:\windows\system32\drivers\ql12160.sys
    2005-02-09 01:57:34 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
    2005-02-09 01:57:34 49024 ----a-w- c:\windows\system32\drivers\ql1280.sys
    2005-02-09 01:57:17 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
    2005-02-09 01:57:17 40448 ----a-w- c:\windows\system32\drivers\ql1240.sys
    2005-02-09 01:57:01 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
    2005-02-09 01:57:01 40320 ----a-w- c:\windows\system32\drivers\ql1080.sys
    2005-02-09 01:56:44 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
    2005-02-09 01:56:44 33152 ----a-w- c:\windows\system32\drivers\ql10wnt.sys
    2005-02-09 01:54:42 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
    2005-02-09 01:54:42 16256 ----a-w- c:\windows\system32\drivers\symc810.sys
    2005-02-09 01:54:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
    2005-02-09 01:54:07 30688 ----a-w- c:\windows\system32\drivers\sym_u3.sys
    2005-02-09 01:52:39 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
    2005-02-09 01:52:39 32640 ----a-w- c:\windows\system32\drivers\symc8xx.sys
    2005-02-09 01:50:53 25952 -c--a-w- c:\windows\system32\dllcache\hpn.sys
    2005-02-09 01:50:53 25952 ----a-w- c:\windows\system32\drivers\hpn.sys
    2005-02-09 01:49:44 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
    2005-02-09 01:49:44 5504 ----a-w- c:\windows\system32\drivers\perc2hib.sys
    2005-02-09 01:48:56 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys
    2005-02-09 01:48:56 27296 ----a-w- c:\windows\system32\drivers\perc2.sys
    2005-02-09 01:46:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2005-02-09 01:46:52 17280 ----a-w- c:\windows\system32\drivers\mraid35x.sys
    2005-02-09 01:46:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
    2005-02-09 01:46:07 28384 ----a-w- c:\windows\system32\drivers\sym_hi.sys
    2005-02-09 01:46:01 14976 -c--a-w- c:\windows\system32\dllcache\cpqarray.sys
    2005-02-09 01:46:01 14976 ----a-w- c:\windows\system32\drivers\cpqarray.sys
    2005-02-09 01:43:16 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
    2005-02-09 01:43:16 20192 ----a-w- c:\windows\system32\drivers\dpti2o.sys
    2005-02-09 01:42:24 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
    2005-02-09 01:42:24 56960 ----a-w- c:\windows\system32\drivers\aic78xx.sys
    2005-02-09 01:42:14 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
    2005-02-09 01:42:14 55168 ----a-w- c:\windows\system32\drivers\aic78u2.sys
    2005-02-09 01:41:57 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2005-02-09 01:41:57 101888 ----a-w- c:\windows\system32\drivers\adpu160m.sys
    2005-02-09 01:38:03 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
    2005-02-09 01:38:03 19072 ----a-w- c:\windows\system32\drivers\sparrow.sys
    2005-02-09 01:37:53 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
    2005-02-09 01:37:53 12800 ----a-w- c:\windows\system32\drivers\aha154x.sys
    2005-02-09 01:36:35 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
    2005-02-09 01:36:35 42240 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS
    2005-02-09 01:30:53 41088 -c--a-w- c:\windows\system32\dllcache\sisagp.sys
    2005-02-09 01:30:53 41088 ----a-w- c:\windows\system32\drivers\SISAGP.SYS
    2005-02-09 01:30:08 44928 -c--a-w- c:\windows\system32\dllcache\agpcpq.sys
    2005-02-09 01:30:08 44928 ----a-w- c:\windows\system32\drivers\AGPCPQ.SYS
    2005-02-09 01:15:54 43008 -c--a-w- c:\windows\system32\dllcache\amdagp.sys
    2005-02-09 01:15:54 43008 ----a-w- c:\windows\system32\drivers\AMDAGP.SYS
    2005-02-09 01:15:43 42752 -c--a-w- c:\windows\system32\dllcache\alim1541.sys
    2005-02-09 01:15:43 42752 ----a-w- c:\windows\system32\drivers\ALIM1541.SYS
    2005-02-09 01:09:16 352768 ----a-w- c:\windows\system32\MSDRMClient.msi
    2005-02-08 22:25:03 -------- d-----w- c:\program files\OfficeUpdate11
    2005-02-08 21:31:53 28726 ----a-w- c:\windows\system32\ismifcom.dll
    2005-02-08 21:15:11 -------- d-----w- c:\program files\Windows Media Connect
    2005-02-08 21:15:03 -------- d-----w- c:\program files\HighMAT CD Writing Wizard
    2005-02-08 21:14:59 -------- d-----w- c:\windows\Downloaded Installations
    2005-02-08 20:57:21 35552 -c--a-w- c:\windows\system32\dllcache\wups.dll
    2005-02-08 20:57:18 575704 -c--a-w- c:\windows\system32\dllcache\wuapi.dll
    2005-02-08 20:57:18 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2005-02-08 20:46:44 -------- d-sh--w- c:\documents and settings\administrator\UserData
    2005-02-08 20:29:30 -------- d-----w- c:\windows\system32\VPCache
    2005-02-08 08:48:59 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2005-02-08 08:48:59 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2005-02-08 08:43:32 53248 ----a-w- c:\windows\system32\Prounstl.exe
    2005-02-08 08:43:32 23040 ----a-w- c:\windows\system32\IntelNic.dll
    2005-02-08 08:43:32 16384 ----a-w- c:\windows\system32\e100bmsg.dll
    2005-02-08 08:42:47 17232 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
    2005-02-08 08:41:14 -------- d-----w- c:\program files\InterVideo
    2005-02-08 08:35:34 12032 ----a-w- c:\windows\system32\drivers\Netdevio.sys
    2005-02-08 08:35:30 696320 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
    2005-02-08 08:35:30 57344 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
    2005-02-08 08:35:30 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2005-02-08 08:35:30 237568 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
    2005-02-08 08:35:30 155648 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
    2005-02-08 08:35:29 282756 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
    2005-02-08 08:35:29 163972 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
    2005-02-08 08:35:01 -------- d-----w- c:\windows\system32\SDA
    2005-02-08 08:34:22 53248 ----a-w- c:\windows\system32\TSigGina.dll
    2005-02-08 08:34:22 131072 ----a-w- c:\windows\system32\TosSig.dll
    2005-02-08 08:34:22 1302528 ----a-w- c:\windows\system32\TSigReco.dll
    2005-02-08 08:31:57 372224 -c--a-w- c:\windows\IsUn0411.exe
    2005-02-08 08:30:45 135168 -c--a-w- c:\windows\svae_unst.exe
    2005-02-08 08:30:09 5888 ----a-w- c:\windows\system32\drivers\TMEI3E.sys
    2005-02-08 08:30:09 49152 ----a-w- c:\windows\TMEVALDD.dll
    2005-02-08 08:30:09 208896 ----a-w- c:\windows\system32\tmeprop.cpl
    2005-02-08 08:28:01 520192 ----a-w- c:\windows\system32\HWSETUP.CPL
    2005-02-08 08:28:01 36864 ----a-w- c:\windows\system32\tcleanup.exe
    2005-02-08 08:28:01 24576 ----a-w- c:\windows\system32\TSCIEX.DLL
    2005-02-08 08:28:01 184320 ----a-w- c:\windows\system32\TSCCALL.DLL
    2005-02-08 08:28:01 135168 ----a-w- c:\windows\system32\TSDTOKEN.DLL
    2005-02-08 08:28:01 126976 ----a-w- c:\windows\system32\tutildel.exe
    2005-02-08 08:26:20 40960 ----a-w- c:\windows\system32\SetRot.exe
    2005-02-08 08:23:27 262144 ----a-w- c:\windows\system32\SMBIOS.ocx
    2005-02-08 08:23:02 6867 ----a-w- c:\windows\system32\drivers\tbiosdrv.sys
    2005-02-08 08:23:02 1273856 -c--a-w- c:\windows\InstDrvr.exe
    2005-02-08 08:21:09 53248 ----a-w- c:\windows\system32\TPwrCfg.dll
    2005-02-08 08:21:09 45056 ----a-w- c:\windows\system32\TPSAddin.dll
    2005-02-08 08:21:09 1257472 ----a-w- c:\windows\system32\TPwrSave.cpl
    2005-02-08 08:21:08 90112 ----a-w- c:\windows\system32\CpuPerf.dll
    2005-02-08 08:21:08 81920 ----a-w- c:\windows\system32\TPwrReg.dll
    2005-02-08 08:21:08 53248 ----a-w- c:\windows\system32\TPSTrace.dll
    2005-02-08 08:21:08 53248 ----a-w- c:\windows\system32\TPSDel.dll
    2005-02-08 08:21:08 45056 ----a-w- c:\windows\system32\TPSMainCtl.dll
    2005-02-08 08:21:08 45056 ----a-w- c:\windows\system32\TPSBattM.exe
    2005-02-08 08:21:08 32768 ----a-w- c:\windows\system32\TPeculiarity.dll
    2005-02-08 08:21:08 278528 ----a-w- c:\windows\system32\TPSMain.exe
    2005-02-08 08:19:48 -------- d-----w- c:\documents and settings\administrator\WINDOWS
    2005-02-08 08:19:33 892928 -c--a-w- c:\windows\tabtsb.dll
    2005-02-08 08:19:22 8832 ----a-w- c:\windows\system32\drivers\TBtnKey.sys
    2005-02-08 08:17:15 36864 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
    2005-02-08 08:17:14 172032 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
    2005-02-08 08:17:12 98304 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
    2005-02-08 08:14:16 9216 ----a-w- c:\windows\system32\drivers\TVALZ.SYS
    2005-02-08 08:14:16 53248 ----a-w- c:\windows\system32\InsSecRc.scr
    2005-02-08 08:14:16 53248 ----a-w- c:\windows\system32\InsSec.scr
    2005-02-08 08:14:16 49152 ----a-w- c:\windows\system32\BrigthDL.dll
    2005-02-08 08:14:16 40960 ----a-w- c:\windows\system32\Thkemrun.exe
    2005-02-08 08:14:16 32768 ----a-w- c:\windows\system32\TWarnMsg.exe
    2005-02-08 08:14:16 258048 ----a-w- c:\windows\system32\00THotkey.exe
    2005-02-08 08:14:16 24576 ----a-w- c:\windows\system32\Tsci.dll
    2005-02-08 08:14:16 24576 ----a-w- c:\windows\system32\Thci.dll
    2005-02-08 08:14:16 24576 ----a-w- c:\windows\system32\000StTHK.exe
    2005-02-08 08:14:15 -------- d-----w- c:\program files\Toshiba
    2005-02-08 08:12:23 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
    2005-02-08 08:12:05 -------- d-----w- c:\documents and settings\administrator\local settings\application data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
    2005-02-08 08:11:19 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
    2005-02-08 08:11:19 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
    2005-02-08 08:11:11 27136 -c--a-w- c:\windows\system32\dllcache\irmon.dll
    2005-02-08 08:11:11 27136 ----a-w- c:\windows\system32\irmon.dll
    2005-02-08 08:11:10 87424 -c--a-w- c:\windows\system32\dllcache\irda.sys
    2005-02-08 08:11:10 87424 ----a-w- c:\windows\system32\drivers\irda.sys
    2005-02-08 08:11:10 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe
    2005-02-08 08:11:10 152576 ----a-w- c:\windows\system32\irftp.exe
    2005-02-08 08:11:09 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
    2005-02-08 08:11:09 8192 ----a-w- c:\windows\system32\wshirda.dll
    2005-02-08 08:11:06 38425 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
    2005-02-08 08:11:06 38425 ----a-w- c:\windows\system32\drivers\smcirda.sys
    2005-02-08 08:10:44 99577 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
    2005-02-08 08:10:44 81739 ----a-w- c:\windows\system32\Vxdif.dll
    2005-02-08 08:10:44 -------- d-----w- c:\program files\Apoint2K
    2005-02-08 08:10:41 212992 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
    2005-02-08 08:10:32 88363 ----a-w- c:\windows\agrsmmsg.exe
    2005-02-08 08:10:32 77824 ----a-w- c:\windows\system32\tosmreg.exe
    2005-02-08 08:10:32 45056 ----a-w- c:\windows\system32\csellang.dll
    2005-02-08 08:10:32 130048 -c--a-w- c:\windows\agrsmdel.exe
    2005-02-08 08:10:32 110592 ----a-w- c:\windows\system32\cselect.exe
    2005-02-08 08:10:32 -------- d-----w- c:\program files\ltmoh
    2005-02-08 08:10:14 -------- d-----w- c:\windows\Options
    2005-02-08 08:08:11 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
    2005-02-08 08:07:45 991232 ----a-w- c:\windows\system32\W22MLRES.DLL
    2005-02-08 08:07:15 991232 ----a-w- c:\windows\system32\W70MLRES.DLL
    2005-02-08 08:07:15 970752 ----a-w- c:\windows\system32\W20MLRES.DLL
    2005-02-08 08:05:58 7552 -c--a-w- c:\windows\system32\dllcache\mskssrv.sys
    2005-02-08 08:04:02 -------- d-----w- c:\windows\nview
    2005-02-08 08:00:34 -------- d-----w- c:\windows\system32\ReinstallBackups
    2005-02-08 08:00:23 225280 -c--a-w- c:\program files\common files\installshield\iscript\IScript.dll
    2005-02-08 08:00:22 77824 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2005-02-08 08:00:22 32768 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2005-02-08 08:00:22 176128 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2005-02-08 08:00:21 692356 -c----w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
    2005-02-08 07:58:22 173 -c--a-w- c:\windows\CBCDDEL.BAT
    2005-02-08 07:58:22 105 -c--a-w- c:\windows\BVER.BAT
    .
    ==================== Find3M ====================
    .
    2011-03-26 05:07:12 107776 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys
    2011-03-26 05:07:12 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
    2011-03-26 05:07:12 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
    2011-03-26 05:07:12 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-25 06:24:35 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-02-24 12:31:30 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 13:19:55 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39:04 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:01:43 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-01-29 15:08:04 683520 ----a-w- c:\windows\system32\inetcomm.dll
    2010-01-29 14:43:39 307260 ----a-w- c:\windows\system32\l3codeca.acm
    2010-01-29 14:43:39 143422 ----a-w- c:\windows\system32\l3codecx.ax
    2010-01-13 14:10:54 85504 ----a-w- c:\windows\system32\cabview.dll
    2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-24 07:05:26 177664 ----a-w- c:\windows\system32\wintrust.dll
    2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-11-27 17:33:35 17920 ----a-w- c:\windows\system32\msyuv.dll
    2009-11-27 17:33:35 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-11-27 16:37:27 8704 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:37:27 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-11-27 16:37:27 48128 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-11-27 16:37:27 28672 ----a-w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:37:27 11264 ----a-w- c:\windows\system32\msrle32.dll
    2009-11-21 16:36:13 470528 ----a-w- c:\windows\apppatch\aclayers.dll
    2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-15 17:21:48 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-10-15 17:21:47 82432 ----a-w- c:\windows\system32\fontsub.dll
    2009-10-13 10:45:12 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
    2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-01 14:32:11 282654 ----a-w- c:\windows\system32\msaud32.acm
    2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-25 09:47:14 352256 ----a-w- c:\windows\system32\winhttp.dll
    2009-08-14 12:19:41 1850112 ----a-w- c:\windows\system32\win32k.sys
    2009-08-06 13:54:10 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
    2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-31 04:57:32 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2009-07-17 18:55:28 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-17 16:27:47 1435648 ----a-w- c:\windows\system32\query.dll
    2009-07-13 04:38:14 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-25 18:36:08 95744 ----a-w- c:\windows\system32\mqsec.dll
    2009-06-25 18:36:08 661504 ----a-w- c:\windows\system32\mqqm.dll
    2009-06-25 18:36:08 517120 ----a-w- c:\windows\system32\mqsnap.dll
    2009-06-25 18:36:08 48640 ----a-w- c:\windows\system32\mqupgrd.dll
    2009-06-25 18:36:08 471552 ----a-w- c:\windows\system32\mqutil.dll
    2009-06-25 18:36:08 47104 ----a-w- c:\windows\system32\mqdscli.dll
    2009-06-25 18:36:08 225280 ----a-w- c:\windows\system32\mqoa.dll
    2009-06-25 18:36:08 186880 ----a-w- c:\windows\system32\mqtrig.dll
    2009-06-25 18:36:08 177152 ----a-w- c:\windows\system32\mqrt.dll
    2009-06-25 18:36:08 16896 ----a-w- c:\windows\system32\mqise.dll
    2009-06-25 18:36:08 138240 ----a-w- c:\windows\system32\mqad.dll
    2009-06-25 18:36:08 123392 ----a-w- c:\windows\system32\mqrtdep.dll
    2009-06-25 08:44:41 724480 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:44:41 59392 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:44:41 56320 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:44:41 298496 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-25 08:44:41 168448 ----a-w- c:\windows\system32\schannel.dll
    2009-06-22 11:49:23 19968 ----a-w- c:\windows\system32\mqbkup.exe
    2009-06-22 11:49:23 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
    2009-06-22 11:49:04 4608 ----a-w- c:\windows\system32\mqsvc.exe
    2009-06-22 11:48:44 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
    2009-06-22 11:34:52 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-12 11:50:54 80896 ----a-w- c:\windows\system32\tlntsess.exe
    2009-06-12 11:50:53 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 06:32:40 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-05 07:42:37 655872 ----a-w- c:\windows\system32\mstscax.dll
    2009-05-07 15:44:00 344064 ----a-w- c:\windows\system32\localspl.dll
    2009-04-15 15:11:19 584192 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-09 19:31:38 413032 ----a-w- c:\windows\system32\wmspdmod.dll
    2009-03-07 23:05:10 385024 ----a-w- c:\windows\system32\html.iec
    2009-03-07 23:04:30 43008 ----a-w- c:\windows\system32\licmgr10.dll
    2009-03-07 23:03:40 18944 ----a-w- c:\windows\system32\corpol.dll
    2009-03-07 23:02:56 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-03-07 23:02:50 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-03-07 23:01:38 34816 ----a-w- c:\windows\system32\imgutil.dll
    2009-03-07 23:01:18 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2009-03-07 23:01:02 45568 ----a-w- c:\windows\system32\mshta.exe
    2009-03-07 23:01:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2009-03-07 23:00:56 66560 ----a-w- c:\windows\system32\tdc.ocx
    2009-03-07 22:52:38 156160 ----a-w- c:\windows\system32\msls31.dll
    2009-03-06 14:44:35 283648 ----a-w- c:\windows\system32\pdh.dll
    2009-02-09 10:20:34 399360 ----a-w- c:\windows\system32\rpcss.dll
    2009-02-09 10:20:33 714752 ----a-w- c:\windows\system32\ntdll.dll
    2009-02-09 10:20:33 616960 ----a-w- c:\windows\system32\advapi32.dll
    2009-02-09 10:20:33 473088 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2009-02-09 10:20:32 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
    2009-02-06 17:14:03 110592 ----a-w- c:\windows\system32\services.exe
    2009-02-06 16:54:36 35328 ----a-w- c:\windows\system32\sc.exe
    2009-02-06 16:39:29 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
    2008-10-23 13:01:36 283648 ----a-w- c:\windows\system32\gdi32.dll
    2008-08-14 09:51:43 138368 ----a-w- c:\windows\system32\drivers\afd.sys
    2008-07-07 20:32:22 253952 ----a-w- c:\windows\system32\es.dll
    .
    ============= FINISH: 23:39:50.98 ===============







    PS: I have also attached the log files in case you need them.
     


  7. mambass

    mambass Malware Specialist

    Joined:
    Apr 11, 2008
    Messages:
    141
    Hi FlourishDNA, :)

    Per the instructions here, please upload as an attachment the Attach.txt log that was also produced by DDS. It should be in the same directory as DDS, which should be on your Desktop per the instructions provided.

    Is there a reason that your system clock has today's date set as January 6, 2000? If not, please set it to the correct date.

    mambass
     
  8. FlourishDNA

    FlourishDNA Thread Starter

    Joined:
    May 27, 2012
    Messages:
    14
    Hi mambass,

    The date is wrong because the virus won't allow me to adjust the time. When I click "Adjust Date/Time" a small window flickers for a second and closes automatically. I have attached the file you requested.

    Thanks
     


  9. mambass

    mambass Malware Specialist

    Joined:
    Apr 11, 2008
    Messages:
    141
    Hi FlourishDNA, :)

    • MGADiag
      1. Click here to download MGADiag.exe from Microsoft and save it to your Desktop.
      2. Double-click on MGADiag.exe to run it.
      3. Click Continue. The program will run. It takes a while to finish the diagnosis, please be patient.
      4. Click the Copy button once the scan is done.
      5. Open Notepad and paste the contents in its window.
      6. Save this file and post it in your next reply.

    • CKScanner
      1. Click here to download CKScanner © askey127 and save to your Desktop.
      2. Double-click on CKScanner.exe and then click Search For Files.
        Note: It's important that you run this program only one time.
      3. Click Save List To File after a very short time when the cursor hourglass disappears.
      4. Click OK when prompted.
      5. Post the contents of file ckfiles.txt on your Desktop in your reply.

    • WVCheck
      1. Click here to download WVCheck.exe and save it to your Desktop.
      2. Double-click WVCheck.exe to run the program.
      3. Read the comments on the screen and then press Enter.
        The scan can take a while, depending on the size of your hard drive.
      4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
      5. Please copy and paste the contents of the Notepad scan report in your next reply.

    • Run a Scan with OTL
      1. Click here to download OTL.exe by Old Timer and save it to your Desktop.
      2. Double-click the OTL icon on your Desktop to run the program.
      3. Check the boxes labeled :
        • Scan All Users
        • LOP check
        • Purity check
        • Extra Registry > Use SafeList
      4. Make sure all other windows are closed so that it can run uninterrupted.
      5. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
      6. When the scan completes, it will open two notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL. (desktop)
      7. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    • Download and run Panda USB Vaccine
      Notes:
      • This step will download a program that can vaccinate a USB drive by creating a protected autorun.inf file in the drive's root directory. Once that file has been created, the only way to remove the file will be to reformat the USB drive. Whereas that may be fine for drives that you own, you might want to get permission before vaccinating someone else's USB drive. ;)
      • To avoid vaccinating a USB drive that has not been vaccinated, do not click the Vaccinate USB button in the Panda window but rather just click the Close button.
      • To protect your system from a potentially infected USB drive, holding down the shift key while inserting the drive will keep any existing autorun.inf on the drive from executing.
      1. While holding down the Ctrl key, click here to display the Panda USB Vaccine download page in another tab.
      2. Click the Download Now (CNET Secure Download) button to download USBVaccineSetup.exe and save it to your Desktop.
      3. Right-click on the USBVaccineSetup.exe icon and select Run as Administrator to begin the installation.
      4. Accept the EULA and all of the defaults. Panda USB Vaccine should run at the end of the installation.
      5. For each USB drive you would like to vaccinate:
        • While holding down the Shift key, insert the USB drive.
        • Panda will recognize that a USB drive has been inserted and will display a USB Key Vaccination window.
        • Click the Vaccinate USB button.
        • Once the "This USB Key is now vaccinated" status is displayed, click the Close button.
      6. You can delete USBVaccineSetup.exe on your Desktop.

    • aswMBR
      1. Click here to download aswMBR.exe and save it to your Desktop.
      2. Double-click the aswMBR.exe icon to run it.
      3. Click Yes if prompted to download Avast! virus definitions. This may take a while so please be patient.
      4. Set the AVscan to Quick Scan and then click the Scan button. The scan may take a while so please be patient.
      5. After the "Scan finished successfully" message is displayed, click Save log & save the log to your desktop.
      6. Click OK. Two files will be created, aswMBR.txt & a file named MBR.dat
      7. Save MBR.dat to a USB flash drive. This is a backup of your MBR (Master Boot record). Do not delete this file.
      8. NOTE: Do not click to fix anything at this stage!
      9. Click EXIT.
      10. Copy & Paste the contents of aswMBR.txt into your next reply.


    Please include in your reply (use separate posts if more convenient):
    1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
    2. The contents of the MGADiag log.
    3. The contents of the CKScanner log.
    4. The contents of the WVCheck log.
    5. The contents of the OTL.txt and Extras.txt logs.
    6. The contents of the aswMBR.txt log.


    mambass
     
  10. FlourishDNA

    FlourishDNA Thread Starter

    Joined:
    May 27, 2012
    Messages:
    14
    Here you go...


    ::::::::::::::::::::::::::::::::::::::::::::::::::: MGADiag :::::::::::::::::::::::::::::::::::::::::::::::::::

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-6VRQQ-7XR6D-8J268
    Windows Product Key Hash: eYIq81QoQ+KvuTvzJ7GjYxzQsqw=
    Windows Product ID: 76487-095-0205716-22598
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 5.1.2600.2.00010100.2.0.tab
    ID: {CCBE4E28-835A-4F4B-A94A-3A18BAA245A3}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.5.723.1
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005_78155E4D-232-80004005
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{CCBE4E28-835A-4F4B-A94A-3A18BAA245A3}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.tab</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-8J268</PKey><PID>76487-095-0205716-22598</PID><PIDType>5</PIDType><SID>S-1-5-21-4070297603-538264583-3767469655</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>PORTEGE M200</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>Version 1.10</Version><SMBIOSVersion major="2" minor="3"/><Date>20031031000000.000000+000</Date></BIOS><HWID>81990300018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>2724689EE81F586</Val><Hash>UKU6I8j9l2ahEw78dZ20zsY5tHQ=</Hash><Pid>89388-707-0000034-65693</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 7AF7:Semp Toshiba Informatica Ltda|7AF7:TOSHIBA CORPORATION
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A


    ::::::::::::::::::::::::::::::::::::::::::::::::::: CKScanner :::::::::::::::::::::::::::::::::::::::::::::::::::

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.MN.11.JPAPTE
    ----- EOF -----


    ::::::::::::::::::::::::::::::::::::::::::::::::::: WVCheck :::::::::::::::::::::::::::::::::::::::::::::::::::
    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 1229_08-01-2000
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows XP Service Pack 2
    Windows Mode: Normal
    Systemroot Path: C:\WINDOWS

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Download updates and install them automatically.
    -----------------------
    Last Success Time for Update Detection: 2010-10-13 14:40:29
    Last Success Time for Update Download: 2010-05-23 06:47:15
    Last Success Time for Update Installation: 2000-12-18 02:31:05


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    WVCheck found no known bad files.


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - b409909f6e2e8a7067076ed748abf1e7


    -------- End of File, program close at 1232_08-01-2000 --------
     
  11. FlourishDNA

    FlourishDNA Thread Starter

    Joined:
    May 27, 2012
    Messages:
    14
    Hi,

    I was not able to copy and paste the OTL log, so I am attaching it in this reply.

    Thanks
     


  12. FlourishDNA

    FlourishDNA Thread Starter

    Joined:
    May 27, 2012
    Messages:
    14
    ::::::::::::::::::::::::::::::::::::::::::::::::::: aswMBR :::::::::::::::::::::::::::::::::::::::::::::::::::



    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2000-01-08 15:19:32
    -----------------------------
    15:19:32.944 OS Version: Windows 5.1.2600 Service Pack 2
    15:19:32.954 Number of processors: 1 586 0x905
    15:19:32.954 ComputerName: AMARESHR2 UserName:
    15:19:35.127 Initialize success
    15:33:38.760 AVAST engine defs: 12053101
    15:38:44.150 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    15:38:44.150 Disk 0 Vendor: HTS726060M9AT00 MH4OA68A Size: 57231MB BusType: 3
    15:38:44.160 Disk 0 MBR read successfully
    15:38:44.160 Disk 0 MBR scan
    15:38:44.240 Disk 0 Windows XP default MBR code
    15:38:44.240 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
    15:38:44.260 Disk 0 scanning sectors +117194175
    15:38:44.380 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:39:11.068 Service scanning
    15:39:29.555 Service Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe **INFECTED** Win32:Sality
    15:39:45.348 Service Tmesrv C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe **INFECTED** Win32:Sality
    15:39:49.554 Service WmcCdsLs C:\Program Files\Windows Media Connect\mswmcls.exe **INFECTED** Win32:Sality
    15:39:52.428 Modules scanning
    15:40:09.512 Disk 0 trace - called modules:
    15:40:09.542 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    15:40:09.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3aa030]
    15:40:09.542 3 CLASSPNP.SYS[f76b805b] -> nt!IofCallDriver -> \Device\000000a5[0x8a33e9e8]
    15:40:09.542 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a33ed98]
    15:40:11.535 AVAST engine scan C:\WINDOWS
    15:40:13.738 File: C:\WINDOWS\agrsmdel.exe **INFECTED** Win32:Sality
    15:40:16.733 File: C:\WINDOWS\InstDrvr.exe **INFECTED** Win32:Sality
    15:40:17.033 File: C:\WINDOWS\IsUn0411.exe **INFECTED** Win32:Sality
    15:40:17.283 File: C:\WINDOWS\IsUninst.exe **INFECTED** Win32:Sality
    15:40:24.854 File: C:\WINDOWS\MXOALDR.EXE **INFECTED** Win32:Sality
    15:40:26.787 File: C:\WINDOWS\songs.exe **INFECTED** Win32:Malware-gen
    15:40:27.007 File: C:\WINDOWS\svae_unst.exe **INFECTED** Win32:Sality
    15:40:27.298 File: C:\WINDOWS\SYSTEMIL.EXE **INFECTED** Win32:VB-HJN [Wrm]
    15:40:32.055 AVAST engine scan C:\WINDOWS\system32
    15:42:34.491 File: C:\WINDOWS\system32\LVCOMSX.EXE **INFECTED** Win32:Sality
    15:45:10.796 File: C:\WINDOWS\system32\SVCHOST32.EXE **INFECTED** Win32:Sality
    15:45:57.292 File: C:\WINDOWS\system32\WindowsXP-KB824133-x86-ENU.exe **INFECTED** Win32:Sality
    15:46:33.545 File: C:\WINDOWS\system32\XP-1718E4C3.EXE **INFECTED** Win32:AutoRun-BHJ [Wrm]
    15:51:34.227 AVAST engine scan C:\WINDOWS\system32\drivers
    15:52:08.737 AVAST engine scan C:\Documents and Settings\Administrator
    15:52:21.084 File: C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe **INFECTED** Win32:Sality
    15:52:46.361 File: C:\Documents and Settings\Administrator\Desktop\My Files\Images\Games.exe **INFECTED** Win32:VB-HJN [Wrm]
    15:52:48.744 File: C:\Documents and Settings\Administrator\Desktop\My Files\Images\Photos.exe **INFECTED** Win32:VB-HJN [Wrm]
    15:52:50.807 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Audio.exe **INFECTED** Win32:AutoRun-BHJ [Wrm]
    15:52:51.849 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Ebook\Images.exe **INFECTED** Win32:AutoRun-BHJ [Wrm]
    15:52:52.029 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Games.exe **INFECTED** Win32:VB-HJN [Wrm]
    15:52:54.132 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\My Videos.exe **INFECTED** Win32:AutoRun-BHJ [Wrm]
    15:52:56.776 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Photos.exe **INFECTED** Win32:VB-HJN [Wrm]
    15:52:56.956 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Pictures.exe **INFECTED** Win32:VB-HJN [Wrm]
    15:52:58.087 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Received.exe **INFECTED** Win32:AutoRun-BHJ [Wrm]
    15:52:58.218 File: C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\songs.exe **INFECTED** Win32:Malware-gen
    15:54:08.519 File: C:\Documents and Settings\Administrator\Desktop\OTL.exe **INFECTED** Win32:Sality
    15:54:12.114 File: C:\Documents and Settings\Administrator\Desktop\WVCheck.exe **INFECTED** Win32:Sality
    15:54:25.513 File: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\G1JKAC6D.W7R\0B0KTNLQ.0AW\clic...exe_9a8dfcd080ccb114_0001.0002_none_19406a39b53cc9ad\GoogleUpdateSetup.exe **INFECTED** Win32:Sality
    15:54:26.194 File: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\G1JKAC6D.W7R\0B0KTNLQ.0AW\goog...app_9a8dfcd080ccb114_0001.0002_7140c0fbcca31fb8\GoogleUpdateSetup.exe **INFECTED** Win32:Sality
    15:54:28.868 File: C:\Documents and Settings\Administrator\Local Settings\Temp\set1CE.tmp **INFECTED** Win32:Sality
    15:55:19.791 AVAST engine scan C:\Documents and Settings\All Users
    15:55:22.675 File: C:\Documents and Settings\All Users\Application Data\DatacardService\Temp\Tata Photon+\Setup.exe **INFECTED** Win32:Sality
    15:55:30.967 File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CertRequest.exe **INFECTED** Win32:Sality
    15:55:32.149 File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSCredH.exe **INFECTED** Win32:Sality
    15:55:33.251 File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSIPSec.exe **INFECTED** Win32:Sality
    15:55:33.561 File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSPunchIt.exe **INFECTED** Win32:Sality
    15:55:33.902 File: C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSQFINST.EXE **INFECTED** Win32:Sality
    15:57:22.598 File: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SYSTEMIL2.EXE **INFECTED** Win32:VB-HJN [Wrm]
    15:57:24.010 Scan finished successfully
    15:58:11.678 Disk 0 MBR has been saved successfully to "D:\Logs\MBR.dat"
    15:58:11.698 The log file has been saved successfully to "D:\Logs\aswMBR.txt"
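
An added triage example for the aswMBR log above (not part of the original posts and not code from AVAST or the helper): it parses the `**INFECTED**` lines, counts detections per name, and separately lists hits in autostart locations and on the diagnostic tools used in this thread, since output from an altered scanner binary is less trustworthy. The function names, `TOOL_NAMES` and `STARTUP_DIR` are assumptions made for this example; the sample lines are copied from the log.

```python
import ntpath
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Lines copied from the aswMBR log above, abridged to a representative subset.
SAMPLE_LOG = r"""
15:39:11.068 Service scanning
15:39:45.348 Service Tmesrv C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe **INFECTED** Win32:Sality
15:40:11.535 AVAST engine scan C:\WINDOWS
15:40:26.787 File: C:\WINDOWS\songs.exe **INFECTED** Win32:Malware-gen
15:40:27.298 File: C:\WINDOWS\SYSTEMIL.EXE **INFECTED** Win32:VB-HJN [Wrm]
15:46:33.545 File: C:\WINDOWS\system32\XP-1718E4C3.EXE **INFECTED** Win32:AutoRun-BHJ [Wrm]
15:54:08.519 File: C:\Documents and Settings\Administrator\Desktop\OTL.exe **INFECTED** Win32:Sality
15:54:12.114 File: C:\Documents and Settings\Administrator\Desktop\WVCheck.exe **INFECTED** Win32:Sality
15:57:22.598 File: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SYSTEMIL2.EXE **INFECTED** Win32:VB-HJN [Wrm]
15:57:24.010 Scan finished successfully
"""

# Assumption for this example: file names of tools the helper asked for in the thread.
TOOL_NAMES = {"otl.exe", "wvcheck.exe", "hijackthis.exe"}
# Assumption: the per-user/all-users Startup folder as it appears in the log paths.
STARTUP_DIR = "\\start menu\\programs\\startup\\"


class Detection(NamedTuple):
    time: str
    kind: str                 # "service" or "file"
    service: Optional[str]    # service display name, only for service hits
    path: str
    name: str                 # detection name exactly as the scanner printed it


LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<kind>Service|File:)\s+"
    r"(?P<body>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+?)\s*$"
)
DRIVE_RE = re.compile(r"[A-Za-z]:\\")


def parse_detections(text: str) -> List[Detection]:
    """Return one Detection per **INFECTED** line; all other lines are ignored."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body, service, kind = m.group("body"), None, "file"
        if m.group("kind") == "Service":
            # Service lines read "<display name> <image path>"; split at the drive letter.
            drive = DRIVE_RE.search(body)
            if drive is None:
                continue  # no image path to report
            kind = "service"
            service = body[:drive.start()].strip() or None
            body = body[drive.start():]
        found.append(Detection(m.group("time"), kind, service, body, m.group("name")))
    return found


def triage(detections: List[Detection]) -> dict:
    """Group detections so the riskiest ones are reviewed first."""
    return {
        # How many files each detection name was reported on.
        "by_name": Counter(d.name for d in detections),
        # Items that start with Windows: infected service images and Startup-folder files.
        "autostart": [d.path for d in detections
                      if d.kind == "service" or STARTUP_DIR in d.path.lower()],
        # Diagnostic tools that were themselves reported as infected.
        "tools_hit": [d.path for d in detections
                      if ntpath.basename(d.path).lower() in TOOL_NAMES],
    }


if __name__ == "__main__":
    report = triage(parse_detections(SAMPLE_LOG))
    for name, count in report["by_name"].most_common():
        print(f"{count:3d}  {name}")
    print("autostart:", *report["autostart"], sep="\n  ")
    print("tools reported infected:", *report["tools_hit"], sep="\n  ")
```

Run over the full log above, `tools_hit` also picks up the `HiJackThis.exe` copy under the Installer cache.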
     
  13. mambass

    mambass Malware Specialist

    Joined:
    Apr 11, 2008
    Messages:
    141
    Hi FlourishDNA, :)

    • TDSSKiller
      1. Click here to download TDSSKiller and save it to your Desktop.
      2. Double click the TDSSKiller.exe icon on your Desktop to launch it.
      3. Click on Start Scan, to start the scan.
      4. When the scan has finished, if it finds anything where "Cure" is an option, please click on the drop down arrow next to Cure and select Skip
      5. Now click on Report to open the log file created by TDSSKiller in your root directory C:\
      6. To find the log go to Start > Computer > C:
      7. Post the contents of that log in your next reply please.
      8. DO NOT TRY TO FIX (CURE) ANYTHING AT THIS POINT

    • ESET online scanner
      1. Please disable any Antivirus you have active, as shown in This Topic.
      2. Hold down Ctrl then click on the following link to open a new window to ESET online scanner
        • If Internet Explorer is being used then check Yes, I accept the Terms of Use and then click the Start button.
          Allow the ESET Scanner Active-X component to be installed if asked and click the Retry button if prompted to restart the download.

        • If a browser other than Internet Explorer is being used then click the esetsmartinstaller_enu.exe link and save the installer to your Desktop.
          Double-click on the installer to run it.
          Check Yes, I accept the Terms of Use and click the Start button.
      3. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
      4. Now click on Advanced Settings and select the following:
        • Scan for potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth Technology
      5. Now click on Start.
      6. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
      7. When completed the Online Scan will begin automatically.
      8. Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
      9. When completed do not select Uninstall application on close.
      10. Click on Finish.
      11. Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
      12. Copy and paste that log as a reply to this topic.
      13. Re-enable your Antivirus software.


    Please include in your reply:
    1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
    2. The contents of the TDSSKiller log.
    3. The contents of the ESET log.


    mambass
     
  14. FlourishDNA

    FlourishDNA Thread Starter

    Hi Mambass,

    Here you go....

    ::::::::::::::::::::::::::::::::::: General Errors :::::::::::::::::::::::::::::::::::

    I downloaded all the software on another PC, copied it via USB and placed it on the desktop of the infected laptop. After that I removed the USB and inserted my Docomo 3G dongle. When I tried to connect it to the net I got the following error.

    Microsoft Visual C++ Runtime Library
    Runtime Error!
    Program : C:\Program Files\TATA DOCOMO 3G\TATA DOCOMO 3G.exe
    R6002
    -floating point support not loaded.

    If I click OK the 3G dialer would automatically close, so I didn't click OK and then ran ESET Online Scanner.

    I was getting the error below frequently, with the options Cancel, Try Again and Continue. I didn't do anything till ESET Online Scanner completed its job.


    Windows - No Disk
    Exception Processing Message c0000013 Parameters 75b6bf7v 4 75b6bf7c 75b6bf7c




    ::::::::::::::::::::::::::::::::::: TDSSKiller log :::::::::::::::::::::::::::::::::::
    00:45:54.0061 2888 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
    00:45:54.0122 2888 ============================================================
    00:45:54.0122 2888 Current date / time: 2000/01/09 00:45:54.0122
    00:45:54.0122 2888 SystemInfo:
    00:45:54.0122 2888
    00:45:54.0122 2888 OS Version: 5.1.2600 ServicePack: 2.0
    00:45:54.0122 2888 Product type: Workstation
    00:45:54.0122 2888 ComputerName: AMARESHR2
    00:45:54.0122 2888 UserName: Administrator
    00:45:54.0122 2888 Windows directory: C:\WINDOWS
    00:45:54.0122 2888 System windows directory: C:\WINDOWS
    00:45:54.0122 2888 Processor architecture: Intel x86
    00:45:54.0122 2888 Number of processors: 1
    00:45:54.0122 2888 Page size: 0x1000
    00:45:54.0122 2888 Boot type: Normal boot
    00:45:54.0122 2888 ============================================================
    00:45:56.0755 2888 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    00:45:56.0755 2888 Drive \Device\Harddisk1\DR10 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    00:45:56.0765 2888 ============================================================
    00:45:56.0765 2888 \Device\Harddisk0\DR0:
    00:45:56.0765 2888 MBR partitions:
    00:45:56.0765 2888 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
    00:45:56.0765 2888 \Device\Harddisk1\DR10:
    00:45:56.0765 2888 MBR partitions:
    00:45:56.0765 2888 \Device\Harddisk1\DR10\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
    00:45:56.0765 2888 ============================================================
    00:45:56.0805 2888 C: <-> \Device\Harddisk0\DR0\Partition0
    00:45:56.0805 2888 ============================================================
    00:45:56.0805 2888 Initialize success
    00:45:56.0805 2888 ============================================================
    00:46:03.0115 3996 ============================================================
    00:46:03.0115 3996 Scan started
    00:46:03.0115 3996 Mode: Manual;
    00:46:03.0115 3996 ============================================================
    00:46:31.0786 3996 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    00:46:31.0806 3996 Rasl2tp - ok
    00:46:31.0916 3996 RasMan (d4bd2eeab07fef323f0a0ceecc954f51) C:\WINDOWS\System32\rasmans.dll
    00:46:31.0996 3996 RasMan - ok
    00:46:32.0056 3996 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    00:46:32.0076 3996 RasPppoe - ok
    00:46:32.0116 3996 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    00:46:32.0126 3996 Raspti - ok
    00:46:32.0296 3996 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    00:46:32.0347 3996 Rdbss - ok
    00:46:32.0407 3996 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    00:46:32.0407 3996 RDPCDD - ok
    00:46:32.0617 3996 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    00:46:32.0687 3996 rdpdr - ok
    00:46:32.0797 3996 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    00:46:32.0847 3996 RDPWD - ok
    00:46:32.0957 3996 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
    00:46:33.0007 3996 RDSessMgr - ok
    00:46:33.0068 3996 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    00:46:33.0088 3996 redbook - ok
    00:46:33.0158 3996 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
    00:46:33.0178 3996 RemoteAccess - ok
    00:46:33.0268 3996 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
    00:46:33.0288 3996 RemoteRegistry - ok
    00:46:33.0398 3996 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    00:46:33.0418 3996 RFCOMM - ok
    00:46:33.0518 3996 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
    00:46:33.0538 3996 RpcLocator - ok
    00:46:33.0769 3996 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
    00:46:33.0779 3996 RpcSs - ok
    00:46:33.0899 3996 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    00:46:33.0939 3996 RSVP - ok
    00:46:33.0999 3996 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    00:46:33.0999 3996 SamSs - ok
    00:46:34.0079 3996 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
    00:46:34.0109 3996 SCardSvr - ok
    00:46:34.0229 3996 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
    00:46:34.0299 3996 Schedule - ok
    00:46:34.0430 3996 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    00:46:34.0450 3996 sdbus - ok
    00:46:34.0490 3996 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    00:46:34.0500 3996 Secdrv - ok
    00:46:34.0600 3996 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
    00:46:34.0610 3996 seclogon - ok
    00:46:34.0680 3996 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
    00:46:34.0690 3996 SENS - ok
    00:46:34.0760 3996 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    00:46:34.0780 3996 Serial - ok
    00:46:34.0870 3996 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    00:46:34.0870 3996 sffdisk - ok
    00:46:34.0920 3996 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    00:46:34.0920 3996 sffp_sd - ok
    00:46:34.0980 3996 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    00:46:34.0990 3996 Sfloppy - ok
    00:46:35.0191 3996 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
    00:46:35.0321 3996 SharedAccess - ok
    00:46:35.0421 3996 ShellHWDetection (53d9184a21c5cbf600d918e51ef3a7e5) C:\WINDOWS\System32\shsvcs.dll
    00:46:35.0431 3996 ShellHWDetection - ok
    00:46:35.0461 3996 Simbad - ok
    00:46:35.0531 3996 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    00:46:35.0531 3996 sisagp - ok
    00:46:35.0581 3996 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    00:46:35.0581 3996 SLIP - ok
    00:46:35.0641 3996 SMCIRDA (9951b523fe6820f29ef010680cb692d2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
    00:46:35.0661 3996 SMCIRDA - ok
    00:46:35.0822 3996 smwdm (710a9684bf50e6fe7c227b9de41159da) C:\WINDOWS\system32\drivers\smwdm.sys
    00:46:35.0922 3996 smwdm - ok
    00:46:36.0022 3996 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    00:46:36.0022 3996 SoundMAX Agent Service (default) - ok
    00:46:36.0072 3996 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    00:46:36.0072 3996 Sparrow - ok
    00:46:36.0172 3996 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
    00:46:36.0172 3996 splitter - ok
    00:46:36.0252 3996 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
    00:46:36.0272 3996 Spooler - ok
    00:46:36.0342 3996 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    00:46:36.0362 3996 sr - ok
    00:46:36.0482 3996 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
    00:46:36.0543 3996 srservice - ok
    00:46:36.0753 3996 SRUserService (1c493053f3f46e257879bbc170e7c8cf) C:\Program Files\IT Connection Manager\SRUserService.exe
    00:46:36.0753 3996 SRUserService - ok
    00:46:36.0973 3996 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
    00:46:37.0093 3996 Srv - ok
    00:46:37.0163 3996 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
    00:46:37.0194 3996 SSDPSRV - ok
    00:46:37.0434 3996 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
    00:46:37.0544 3996 stisvc - ok
    00:46:37.0614 3996 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    00:46:37.0614 3996 streamip - ok
    00:46:37.0654 3996 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    00:46:37.0664 3996 swenum - ok
    00:46:37.0734 3996 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    00:46:37.0754 3996 swmidi - ok
    00:46:37.0784 3996 SwPrv - ok
    00:46:37.0834 3996 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    00:46:37.0844 3996 symc810 - ok
    00:46:37.0885 3996 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    00:46:37.0895 3996 symc8xx - ok
    00:46:37.0915 3996 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    00:46:37.0925 3996 sym_hi - ok
    00:46:37.0965 3996 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    00:46:37.0975 3996 sym_u3 - ok
    00:46:38.0035 3996 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    00:46:38.0055 3996 sysaudio - ok
    00:46:38.0125 3996 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
    00:46:38.0155 3996 SysmonLog - ok
    00:46:38.0325 3996 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
    00:46:38.0435 3996 TapiSrv - ok
    00:46:38.0515 3996 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
    00:46:38.0515 3996 TBiosDrv - ok
    00:46:38.0586 3996 TBtnKey (1f1b3aa534db6107118bf7942275f100) C:\WINDOWS\system32\DRIVERS\TBtnKey.sys
    00:46:38.0586 3996 TBtnKey - ok
    00:46:38.0806 3996 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    00:46:38.0926 3996 Tcpip - ok
    00:46:38.0986 3996 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    00:46:38.0996 3996 TDPIPE - ok
    00:46:39.0046 3996 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    00:46:39.0056 3996 TDTCP - ok
    00:46:39.0096 3996 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    00:46:39.0116 3996 TermDD - ok
    00:46:39.0256 3996 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
    00:46:39.0367 3996 TermService - ok
    00:46:39.0567 3996 Themes (53d9184a21c5cbf600d918e51ef3a7e5) C:\WINDOWS\System32\shsvcs.dll
    00:46:39.0567 3996 Themes - ok
    00:46:39.0837 3996 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
    00:46:39.0867 3996 TlntSvr - ok
    00:46:39.0917 3996 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
    00:46:39.0927 3996 TMEI3E - ok
    00:46:40.0118 3996 Tmesrv (70bf4126a11c8edbf26d8436fef06603) C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    00:46:40.0188 3996 Tmesrv - ok
    00:46:40.0238 3996 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    00:46:40.0248 3996 TosIde - ok
    00:46:40.0368 3996 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
    00:46:40.0438 3996 TrkWks - ok
    00:46:40.0488 3996 TVALZ (c77f886230cded0075d628f88689681c) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
    00:46:40.0488 3996 TVALZ - ok
    00:46:40.0548 3996 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    00:46:40.0558 3996 Udfs - ok
    00:46:40.0779 3996 UI Assistant Service (930039dd2900cfa8c33f1a7919223547) C:\Program Files\TATA DOCOMO 3G\AssistantServices.exe
    00:46:40.0869 3996 UI Assistant Service - ok
    00:46:40.0919 3996 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    00:46:40.0939 3996 ultra - ok
    00:46:40.0999 3996 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
    00:46:41.0009 3996 UMWdf - ok
    00:46:41.0179 3996 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    00:46:41.0249 3996 Update - ok
    00:46:41.0360 3996 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
    00:46:41.0430 3996 upnphost - ok
    00:46:41.0500 3996 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
    00:46:41.0500 3996 UPS - ok
    00:46:41.0600 3996 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
    00:46:41.0620 3996 usbaudio - ok
    00:46:41.0700 3996 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    00:46:41.0700 3996 usbccgp - ok
    00:46:41.0770 3996 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    00:46:41.0780 3996 usbehci - ok
    00:46:41.0860 3996 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    00:46:41.0900 3996 usbhub - ok
    00:46:41.0960 3996 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    00:46:41.0970 3996 usbscan - ok
    00:46:42.0050 3996 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    00:46:42.0050 3996 usbstor - ok
    00:46:42.0111 3996 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    00:46:42.0121 3996 usbuhci - ok
    00:46:42.0201 3996 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
    00:46:42.0231 3996 usbvideo - ok
    00:46:42.0291 3996 usb_rndisx (ae4df3b7d1db9373b08db4ed224e26b6) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    00:46:42.0301 3996 usb_rndisx - ok
    00:46:42.0361 3996 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    00:46:42.0371 3996 VgaSave - ok
    00:46:42.0421 3996 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    00:46:42.0441 3996 viaagp - ok
    00:46:42.0491 3996 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
    00:46:42.0491 3996 ViaIde - ok
    00:46:42.0671 3996 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    00:46:42.0681 3996 VolSnap - ok
    00:46:43.0042 3996 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
    00:46:43.0142 3996 VSS - ok
    00:46:43.0292 3996 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
    00:46:43.0372 3996 W32Time - ok
    00:46:44.0003 3996 w70n51 (3eccbb3689807787cd4c0fed20b1d0d8) C:\WINDOWS\system32\DRIVERS\w70n51.sys
    00:46:44.0364 3996 w70n51 - ok
    00:46:44.0424 3996 WacomPen (497f6cdb901ef8de81bd501e2aefb0d0) C:\WINDOWS\system32\DRIVERS\wacompen.sys
    00:46:44.0444 3996 WacomPen - ok
    00:46:44.0554 3996 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    00:46:44.0574 3996 Wanarp - ok
    00:46:44.0674 3996 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    00:46:44.0724 3996 wceusbsh - ok
    00:46:44.0754 3996 WDICA - ok
    00:46:44.0855 3996 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
    00:46:44.0885 3996 wdmaud - ok
    00:46:44.0955 3996 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
    00:46:44.0985 3996 WebClient - ok
    00:46:45.0155 3996 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
    00:46:45.0205 3996 winmgmt - ok
    00:46:45.0576 3996 WmcCds (20263dafd033d30f151bb87568386769) c:\program files\windows media connect\mswmccds.exe
    00:46:45.0576 3996 WmcCds - ok
    00:46:45.0656 3996 WmcCdsLs (04f5e2ec7e85aef99b9b882141f62b7c) C:\Program Files\Windows Media Connect\mswmcls.exe
    00:46:45.0656 3996 WmcCdsLs - ok
    00:46:45.0726 3996 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
    00:46:45.0736 3996 WmdmPmSN - ok
    00:46:46.0046 3996 Wmi (1081c185aed0660b2b5f173c3e023b23) C:\WINDOWS\System32\advapi32.dll
    00:46:46.0056 3996 Wmi - ok
    00:46:46.0237 3996 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    00:46:46.0257 3996 WmiApSrv - ok
    00:46:46.0347 3996 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
    00:46:46.0357 3996 WpdUsb - ok
    00:46:46.0477 3996 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
    00:46:46.0507 3996 wscsvc - ok
    00:46:46.0567 3996 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    00:46:46.0567 3996 WSTCODEC - ok
    00:46:46.0617 3996 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
    00:46:46.0617 3996 wuauserv - ok
    00:46:46.0817 3996 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
    00:46:46.0938 3996 WZCSVC - ok
    00:46:47.0068 3996 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
    00:46:47.0108 3996 xmlprov - ok
    00:46:47.0198 3996 ZTEusbmdm6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
    00:46:47.0238 3996 ZTEusbmdm6k - ok
    00:46:47.0338 3996 ZTEusbnmea (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
    00:46:47.0378 3996 ZTEusbnmea - ok
    00:46:47.0468 3996 ZTEusbser6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
    00:46:47.0508 3996 ZTEusbser6k - ok
    00:46:47.0608 3996 ZTEusbvoice (19abacf26ae8fe25ed6e4909cdb44a79) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
    00:46:47.0639 3996 ZTEusbvoice - ok
    00:46:47.0749 3996 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    00:46:48.0680 3996 \Device\Harddisk0\DR0 - ok
    00:46:48.0710 3996 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR10
    00:47:01.0158 3996 \Device\Harddisk1\DR10 - ok
    00:47:01.0198 3996 Boot (0x1200) (497526854a0ac4f97b90bfa146b5b248) \Device\Harddisk0\DR0\Partition0
    00:47:01.0198 3996 \Device\Harddisk0\DR0\Partition0 - ok
    00:47:01.0218 3996 Boot (0x1200) (021b168a74ebe357b51a0fb74c705bda) \Device\Harddisk1\DR10\Partition0
    00:47:01.0218 3996 \Device\Harddisk1\DR10\Partition0 - ok
    00:47:01.0218 3996 ============================================================
    00:47:01.0218 3996 Scan finished
    00:47:01.0218 3996 ============================================================
    00:47:01.0288 5936 Detected object count: 0
    00:47:01.0288 5936 Actual detected object count: 0



    ::::::::::::::::::::::::::::::::::: ESET log :::::::::::::::::::::::::::::::::::
    ESETSmartInstaller@High as downloader log:
    Can not open internetESETSmartInstaller@High as downloader log:
    Can not open internetESETSmartInstaller@High as downloader log:
    Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=01f42d4401f3bb438f9d3704a7915732
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-06-01 08:51:07
    # local_time=2012-06-02 02:21:07 (+0530, India Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 391671739 391671739 0 0
    # compatibility_mode=4864 16777215 100 0 229905069 229905069 0 0
    # compatibility_mode=8192 67108863 100 0 391210213 391210213 0 0
    # scanned=65921
    # found=556
    # cleaned=0
    # scan_time=12605
    C:\autorun.inf INF/Autorun.gen trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Games.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
    C:\rytfe.pif Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\OTL.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\WVCheck.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\My Files\Images\Games.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\My Files\Images\Photos.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Audio.exe Win32/AutoRun.FlyStudio.CI worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Games.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\My Videos.exe Win32/AutoRun.FlyStudio.CI worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Photos.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Pictures.exe Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Received.exe Win32/AutoRun.FlyStudio.CI worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\songs.exe a variant of Win32/VB.NGQ trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Desktop\My Files\MY FAMALALY\Ebook\Images.exe Win32/AutoRun.FlyStudio.CI worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\G1JKAC6D.W7R\0B0KTNLQ.0AW\clic...exe_9a8dfcd080ccb114_0001.0002_none_19406a39b53cc9ad\GoogleUpdateSetup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\G1JKAC6D.W7R\0B0KTNLQ.0AW\goog...app_9a8dfcd080ccb114_0001.0002_7140c0fbcca31fb8\GoogleUpdateSetup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Administrator\Local Settings\Temp\set1CE.tmp Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\DatacardService\Temp\Tata Photon+\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CertRequest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSCredH.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSIPSec.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSPunchIt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\SRU\CSQFINST.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SYSTEMIL2.EXE Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\amareshr\Application Data\Microsoft\Installer\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}\NewShortcut11_36495C59089C49D1BD159E5BD86DC9A1.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\amareshr\Application Data\Microsoft\Installer\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}\NewShortcut1_36495C59089C49D1BD159E5BD86DC9A1.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\amareshr\Desktop\CardMan_4000_V3_5_0_10.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\amareshr\Local Settings\Temp\CorpSec\ITGSecLogOnGPExec.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\PROUnstl.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\DRIVERS\IA32\8255xdel.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\DRIVERS\IA32\PROUnstl.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\NMS\IA32\NMSSvc.Exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\NMS\IA32\RegSvr32.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\NMS\IA32\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\NMS\IA32\_ISDel.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\PROSet2\IA32\instmsiA.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\PROSet2\IA32\instmsiW.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\PROSet2\IA32\PROMon.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\PROSet2\IA32\ProNT4.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\PROSet2\IA32\PROSet.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\net\WINDOWS\PROSet2\IA32\_ISDel.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\tosh\DrvUpdt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\tosh\install.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Drivers\tosh\p350vidx.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DTToys\Toysel32.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DTToys\UDilbert.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Chinese-Simplified\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Chinese-Simplified\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Chinese-Simplified\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Chinese-Traditional\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Chinese-Traditional\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Chinese-Traditional\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Danish\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Danish\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Danish\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Dutch\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Dutch\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Dutch\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\English\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\English\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\English\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Finnish\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Finnish\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\Finnish\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\French\DVDForm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\French\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\French\WPTool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\DVDRam.temp\Driver\WIN2K\German\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\javacpl.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\keytool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\kinit.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\klist.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\ktab.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\orbd.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\pack200.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\policytool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\rmid.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\rmiregistry.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\servertool.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Java\jre1.5.0_06\bin\tnameserv.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\AppInst\setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Codec\SP1patch.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\CamServr.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\CamWizrd.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\DelDev.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\InstFiles.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\InstMed.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\Launcher.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\Setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\Shutdown.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\Slaunch.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\StripInf.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\Update.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\VidCtrl2.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\WMF8\WMFDist.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\QuickCamWebInstall\WMF9\wmfdist.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\AlbumDB2.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\AOLMWiz.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\Bridge.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\CamEntry.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\Editor2.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\FWHlpApp.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\FWSetDlg.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\ISStart.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\Launcher.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\LgFwUpg.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\LogiMail.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\LogiTray.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\ManifestEngine.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\QSend.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\QSync.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\RadarContainer.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\RoxioTarget.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Logitech\Video\WaveChk.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\ltmoh\ltmoh.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Maxtor\OneTouch\Drivers\USB\mxoaldr.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Maxtor\OneTouch\Drivers\USB\mxonttry.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Maxtor\OneTouch\Drivers\USB\mxostray.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Maxtor\OneTouch\Utils\MaxUtilities.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Maxtor\OneTouch\Utils\updateRegs.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Messenger\Msmsgs.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft\Communicator Mobile\Smartphone 2003 SE\Setup\PCInstaller.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft ActiveSync\GlobalContactAccess\Uninstall.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft ActiveSync\Smartphlow\Uninstall.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft ActiveSync\SmartphlowSP\Uninstall.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft ActiveSync\VirtualEarthMobile\Uninstall.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft ActiveSync\Weather\Uninstall.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft ActiveSync\Windows Media Player\ceappmgr.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft ActiveSync\Windows Media Player\_instHPCAll.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft ActiveSync\Windows Media Player\_unrmhpcAll.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft Office\Office12\DRAT.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft Office\Office12\GROOVE.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft Office\Office12\GrooveClean.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft Office\Office12\GrooveMigrator.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Microsoft Office\Office12\GrooveStdURLLauncher.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Plaxo\InstallStub.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Plaxo\PlaxoHelper.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Potala Software\Potala Telly\wmnall.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\QuickTime\PictureViewer.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\QuickTime\QTInfo.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\QuickTime\qttask.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\QuickTime\QuickTimePlayer.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\QuickTime\QTSystem\ExportController.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\muvee autoProducer 6.1 Seagate Edition\muveeapp.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\muvee autoProducer 6.1 Seagate Edition\Flash\loader_pc_mprojector.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\muvee autoProducer 6.1 Seagate Edition\Flash\fscommand\applauncher.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Encryption\MaxtorEncryption.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Encryption\SFELauncher.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Encryption\SFEPasswordDialog.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\ManagerApp\monFDE.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\ManagerApp\stxmanager.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\ManagerApp\UpdateCheck.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\InstallSeagateManager.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\demo32.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Seagate_Manager.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\start.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\BP\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Carbonite\CarboniteSetupLiteSeagatePreinstaller.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\DE\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\EN\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\ES\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\FR\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\IT\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\JP\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\KR\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\setup_launcher.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\w9xpopen.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\aP\setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\reveal\setup.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\reveal\bin\windowsinstaller-kb893803-v2-x86.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\Muvee\reveal\bin\wmfdist95.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\RU\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\SCH\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Seagate Manager Setup Files\bin\TCH\animation.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\System Center Operations Manager 2007\MonitoringHost.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\TATA DOCOMO 3G\Diagnoses.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\TATA DOCOMO 3G\EXETimer.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\TATA DOCOMO 3G\Reload.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\TATA DOCOMO 3G\Replug.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\TATA DOCOMO 3G\ResetCDROM.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\TATA DOCOMO 3G\TATA DOCOMO 3G.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Theme Generator Smartphone\MSTG.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Acceleration Utilities\InputSink\TInSMain.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Acceleration Utilities\Property\TAclProp.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BIP_Camera.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BTWLANDP.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ECCenter.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\SCenter.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tbpwiz.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtInit.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtNCS.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtNSS.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPCS.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPSS.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosKeyboardHook.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosMkUtil.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosMouseHook.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\WirelessFTP.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\CFAssoc.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\CFBTSrch.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\CFDialUp.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\cfmain.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\cfscr.scr Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\CFSec.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\CFSServ.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\CFView.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\CFWAN.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\diagnote.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\NDSBrow.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\NDSDiag.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\ProfGen.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\ProfPass.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\redirect.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\_CFToken.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\ConfigFree\_CFTokenN.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\CrossMenu\AISMain.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\PCDiag\cdromtest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\PCDiag\devlist.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\PCDiag\fddtest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\PCDiag\hddrivetest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\PCDiag\memtest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\PCDiag\miditest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\PCDiag\PCDiag.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\PCDiag\wavetest.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\SD Format\TOSSDfmt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TapButton\TapButt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TapButton\TTapProp.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TME3\DockMode.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TME3\TMERzCtl.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TME3\TMESRV31.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TOSHIBA Console\TInTouch.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TOSHIBA Rotation Utility\SetOrien.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TOSHIBA SD Memory Utilities\TOSSDfmt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TouchED\TouchED.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\TSigReco\TSigRgst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Windows Utilities\TACSPROP.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Windows Utilities\ThotUtil.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Toshiba\Windows Utilities\SVPWTool\TOSPU.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Visimation\Generate Opportunity Map\chktrust.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Installer Clean Up\msicuu.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Installer Clean Up\MsiZap.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Media Connect\mswmcls.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Media Connect\Redist\wmfdist95.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Media Player\wmlaunch.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Media Player\wmpenc.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Media Player\wmsetsdk.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows NT\hypertrm.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Yahoo!\Common\unyt.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Yahoo!\Installs\ymsgrie.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\agrsmdel.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\InstDrvr.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\IsUn0411.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\IsUninst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\MXOALDR.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\songs.exe a variant of Win32/VB.NGQ trojan (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\svae_unst.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\SYSTEMIL.EXE Win32/VB.NJS worm (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\Driver Cache\p350vidx.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\LVCOMSX.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\SVCHOST32.EXE Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\WindowsXP-KB824133-x86-ENU.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\XP-1718E4C3.EXE Win32/AutoRun.FlyStudio.CI worm (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\VPCache\RDM00558\ScanWrapper.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\VPCache\RDM00558\SmsWusHandler.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\VPCache\RDM0065E\ScanWrapper.exe Win32/Sality.NBA virus (unable to clean) 00000000000000000000000000000000 I








    Thanks
     
  15. mambass

    mambass Malware Specialist

    Joined:
    Apr 11, 2008
    Messages:
    141
    Hi FlourishDNA,

    I've reviewed your logs and I'm afraid that I have some bad news. :(
    Among other infections, your computer is infected with a severe polymorphic file infector known as Sality that has backdoor functionality. You can read more about it here.

    A backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge.
    A backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
    Typically it's installed without user interaction through security exploits and can severely compromise system security.
    Such infections may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files and install additional malware.
    These backdoor infections may also collect and transmit personally identifiable information without your consent and severely degrade the performance and stability of your computer.
    A backdoor infection can give intruders complete control of your computer, log your keystrokes, obtain passwords, steal personal information, etc.

    You are strongly advised to do the following:
    • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
    • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft
      and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
    • From a clean computer, change all your passwords
      (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, any online activity you perform, requiring a username and password).
      Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
    • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

    Due to its file infector and backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. The file infector changes so many files and registry entries that recovery may very well not be possible. Many of the most highly respected helpers at forums such as this would not even offer the option to attempt repairing the system given the massive changes that have likely been made.
    Many experts in the security community believe that, once infected with this type of file infector, the only course of action would be to reformat the disk and re-install the operating system (OS).
    The decision as to whether we should attempt to clean your system will have to be made by you. Even if we can get it back to a usable state, please understand that you will never be able to trust this computer unless you reformat the disk and reinstall the operating system.


    To help you understand more, please take some time to read the following articles:
    Virut and other File infectors – Throwing in the Towel?
    When should I re-format and reinstall my OS
    What are Remote Access Trojans and why are they dangerous
    How do I respond to a possible identity theft and how do I prevent it
    How to use Backup to protect data and restore files and folders


    Please let me know how you would like to proceed.


    mambass
     

Short URL to this thread: https://techguy.org/1054762