
HijackThis Log: Please help Diagnose


  • This topic is locked
21 replies to this topic

#1 MZK39

MZK39

  • Members
  • 14 posts

Posted 22 April 2009 - 04:06 PM

Please help! Infected....

Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:30 PM, on 4/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\TEMP\ppgkp.exe
C:\TEMP\winibctx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\TEMP\ggkhmi.exe
C:\TEMP\winkbeump.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WLCIntranet
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://WLCIntranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WLCIntranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by WLC Architects, Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PbAdminACAD] C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe /install_user
O4 - HKLM\..\Run: [MicroBrew] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-3691556701-3721234592-2952762321-1409\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3691556701-3721234592-2952762321-1409\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3691556701-3721234592-2952762321-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://WLCIntranet
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O17 - HKLM\Software\..\Telephony: DomainName = wlc.wlcarchitects.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Numara Remote Control Helper ver. 9.00 (2007058) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Numara Software\Remote\Host\NHOSTSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe

--
End of file - 12591 bytes

Thanks in advance!



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts

Posted 05 May 2009 - 10:46 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 MZK39

MZK39
  • Topic Starter

  • Members
  • 14 posts

Posted 06 May 2009 - 05:19 PM

Attached File  Attach.txt   10.29KB   16 downloads

Hi KoanYorel,

Thanks for the reply!

DDS:

DDS (Ver_09-03-16.01) - NTFSx86
Run by mhenry at 15:07:32.51 on Wed 05/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3455.2902 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Documents and Settings\mhenry\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Microsoft Internet Explorer provided by WLC Architects, Inc.
uStart Page = hxxp://WLCIntranet/
uDefault_Page_URL = hxxp://WLCIntranet
mDefault_Page_URL = hxxp://WLCIntranet
uInternet Settings,ProxyServer = 192.168.0.2:8080
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [PbAdminACAD] c:\program files\bluebeam software\pushbutton pdf\PbMngr5.exe /install_user
mRun: [MicroBrew] c:\program files\common files\bluebeam software\brewery\v45\printer support\MicroBrew2.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoBandCustomize = 1 (0x1)
uPolicies-explorer: SpecifyDefaultButtons = 1 (0x1)
uPolicies-explorer: Btn_Back = 1 (0x1)
uPolicies-explorer: Btn_Forward = 1 (0x1)
uPolicies-explorer: Btn_Stop = 1 (0x1)
uPolicies-explorer: Btn_Refresh = 1 (0x1)
uPolicies-explorer: Btn_Home = 1 (0x1)
uPolicies-explorer: Btn_Search = 1 (0x1)
uPolicies-explorer: Btn_Favorites = 1 (0x1)
uPolicies-explorer: Btn_History = 2 (0x2)
uPolicies-explorer: Btn_Media = 2 (0x2)
uPolicies-explorer: Btn_Folders = 1 (0x1)
uPolicies-explorer: Btn_Fullscreen = 2 (0x2)
uPolicies-explorer: Btn_Tools = 1 (0x1)
uPolicies-explorer: Btn_MailNews = 1 (0x1)
uPolicies-explorer: Btn_Size = 2 (0x2)
uPolicies-explorer: Btn_Print = 1 (0x1)
uPolicies-explorer: Btn_Edit = 2 (0x2)
uPolicies-explorer: Btn_Discussions = 1 (0x1)
uPolicies-explorer: Btn_Cut = 2 (0x2)
uPolicies-explorer: Btn_Copy = 1 (0x1)
uPolicies-explorer: Btn_Paste = 1 (0x1)
uPolicies-explorer: Btn_Encoding = 2 (0x2)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 NHostNT1;Numara Remote Control Driver 1 ver. 9.00 (2007058);c:\windows\system32\drivers\NHOSTNT1.SYS [2008-2-12 92432]
R2 NetOp Host for NT Service;Numara Remote Control Helper ver. 9.00 (2007058);c:\program files\numara software\remote\host\NHOSTSVC.EXE [2008-2-12 1499408]
R2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\tiremote\TIRemoteService.exe [2008-2-12 212480]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\pnnim.sys --> c:\windows\system32\drivers\pnnim.sys [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-18 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968]
R3 NHOSTNT3;Numara Remote Control Driver 3 ver. 9.00 (2007058) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [2008-2-12 3216]

=============== Created Last 30 ================

2009-05-06 15:07 <DIR> --d----- c:\temp\RarSFX1
2009-05-06 15:05 <DIR> --d----- c:\temp\RarSFX0
2009-05-06 07:52 <DIR> --d----- c:\program files\CCleaner
2009-05-06 07:52 <DIR> --d----- c:\temp\00200FB3_Rar
2009-05-06 07:52 <DIR> --d----- c:\temp\001FDEEF_Rar
2009-05-06 07:52 <DIR> --d----- c:\temp\001FDDF5_Rar
2009-05-06 07:52 <DIR> --d----- c:\temp\~nsu.tmp
2009-04-20 07:28 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-17 15:45 3,153,920 a------- c:\windows\system32\secsetup.sdb
2009-04-17 13:48 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-04-16 21:34 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-16 21:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-16 21:15 <DIR> --d----- c:\program files\Trend Micro
2009-04-15 07:29 55,808 a------- c:\windows\system32\dllcache\secur32.dll

==================== Find3M ====================

2009-04-22 08:09 192,398 a------- c:\windows\system32\nvModes.dat
2009-04-21 12:58 138,512 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-21 12:58 201,440 a------- c:\windows\system32\PnkBstrB.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-21 07:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 07:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 07:00 284,160 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 21:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 03:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 03:20 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 22:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-10 18:31 453,120 a------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 03:01 728,576 a------- c:\windows\system32\lsasrv.dll
2009-02-09 03:01 728,576 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 03:01 617,984 a------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 03:01 617,984 a------- c:\windows\system32\advapi32.dll
2009-02-09 03:01 473,088 a------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 03:01 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 03:01 401,408 a------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 03:01 715,264 a------- c:\windows\system32\ntdll.dll
2009-02-09 03:01 715,264 a------- c:\windows\system32\dllcache\ntdll.dll
2009-02-06 03:32 2,186,112 a------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 03:29 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:29 2,142,720 a------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 03:22 110,592 a------- c:\windows\system32\services.exe
2009-02-06 03:22 110,592 a------- c:\windows\system32\dllcache\services.exe
2009-02-06 02:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 02:54 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 02:49 2,020,864 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 02:49 2,020,864 a------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 02:49 2,062,976 a------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 02:41 227,840 a------- c:\windows\system32\dllcache\wmiprvse.exe

============= FINISH: 15:07:38.32 ===============

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 5.1.2600 Service Pack 2

5/6/2009 3:04:11 PM
mbam-log-2009-05-06 (15-03-56).txt

Scan type: Quick Scan
Objects scanned: 86021
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

As a side note my task manager has been greyed out!

Thanks again.

#4 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 07 May 2009 - 07:01 PM

Hi MZK39,


Step 1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



Step 2

I notice you have MBAM installed on your system. Please rerun it as instructed in the following.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please post back:

1. Gmer log
2. MBAM log
3. RSIT log.txt and info.txt.

Please detail the problems you're experiencing. Thanks.

Edited by sundavis, 07 May 2009 - 07:04 PM.


#5 MZK39
  • Topic Starter

  • Members
  • 14 posts

Posted 08 May 2009 - 11:55 AM

Sundavis,

Thanks for helping!

GMER:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-08 09:15:39
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x53 0xEE 0x09 0xB8 ...

---- EOF - GMER 1.0.15 ----


MBAM:

Malwarebytes' Anti-Malware 1.36
Database version: 2094
Windows 5.1.2600 Service Pack 2

5/8/2009 9:28:23 AM
mbam-log-2009-05-08 (09-28-23).txt

Scan type: Quick Scan
Objects scanned: 102376
Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


* Even after the removal process the virus is still there!

My Task Manager is still greyed out and unavailable to me.

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by mhenry at 2009-05-08 09:34:11
Microsoft Windows XP Professional Service Pack 2
System drive C: has 36 GB (38%) free of 95 GB
Total RAM: 3455 MB (87% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:15 AM, on 5/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Documents and Settings\mhenry\Desktop\Fix\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\mhenry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WLCIntranet
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://WLCIntranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WLCIntranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by WLC Architects, Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PbAdminACAD] C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe /install_user
O4 - HKLM\..\Run: [MicroBrew] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://WLCIntranet
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O17 - HKLM\Software\..\Telephony: DomainName = wlc.wlcarchitects.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Numara Remote Control Helper ver. 9.00 (2007058) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Numara Software\Remote\Host\NHOSTSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe

--
End of file - 12127 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-21 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-26 8523776]
"nwiz"=nwiz.exe /install []
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 794624]
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.exe [2006-01-16 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 831580]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-02-22 114688]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1261568]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 262144]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-04 143360]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 693624]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1961984]
"PbAdminACAD"=C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe [2006-09-21 217088]
"MicroBrew"=C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe [2006-09-21 495616]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-06-13 127036]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2008-04-25 214336]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-26 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 1159168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-31 39408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2217816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"Intellimenus"=1
"NoSMConfigurePrograms"=1
"NoBandCustomize"=1
"SpecifyDefaultButtons"=1
"Btn_Back"=1
"Btn_Forward"=1
"Btn_Stop"=1
"Btn_Refresh"=1
"Btn_Home"=1
"Btn_Search"=1
"Btn_Favorites"=1
"Btn_History"=2
"Btn_Media"=2
"Btn_Folders"=1
"Btn_Fullscreen"=2
"Btn_Tools"=1
"Btn_MailNews"=1
"Btn_Size"=2
"Btn_Print"=1
"Btn_Edit"=2
"Btn_Discussions"=1
"Btn_Cut"=2
"Btn_Copy"=1
"Btn_Paste"=1
"Btn_Encoding"=2
"NoDesktopCleanupWizard"=1
"NoWindowsUpdate"=0
"NoToolbarCustomize"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE"="C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE:*:Enabled:NetOp Host"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\WINDOWS\system32\~.exe"="C:\WINDOWS\system32\~.exe:*:Enabled:ipsec"
"C:\TEMP\skgtu.exe"="C:\TEMP\skgtu.exe:*:Enabled:ipsec"
"C:\TEMP\mhgth.exe"="C:\TEMP\mhgth.exe:*:Enabled:ipsec"
"C:\TEMP\wpvf.exe"="C:\TEMP\wpvf.exe:*:Enabled:ipsec"
"C:\TEMP\gpgx.exe"="C:\TEMP\gpgx.exe:*:Enabled:ipsec"
"C:\TEMP\winhuah.exe"="C:\TEMP\winhuah.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe"="C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe:*:Enabled:ipsec"
"C:\TEMP\winmhtv.exe"="C:\TEMP\winmhtv.exe:*:Enabled:ipsec"
"C:\TEMP\coaenr.exe"="C:\TEMP\coaenr.exe:*:Enabled:ipsec"
"C:\TEMP\winijha.exe"="C:\TEMP\winijha.exe:*:Enabled:ipsec"
"C:\TEMP\winvvgpvv.exe"="C:\TEMP\winvvgpvv.exe:*:Enabled:ipsec"
"C:\WINDOWS\Sminst\Recguard.exe"="C:\WINDOWS\Sminst\Recguard.exe:*:Enabled:ipsec"
"C:\WINDOWS\Creator\Remind_XP.exe"="C:\WINDOWS\Creator\Remind_XP.exe:*:Enabled:ipsec"
"C:\Program Files\CCleaner\CCleaner.exe"="C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe"="C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe:*:Enabled:ipsec"
"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe:*:Enabled:ipsec"
"C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\Program Files\HPQ\Default Settings\cpqset.exe"="C:\Program Files\HPQ\Default Settings\cpqset.exe:*:Enabled:ipsec"
"C:\TEMP\winsbgk.exe"="C:\TEMP\winsbgk.exe:*:Enabled:ipsec"
"C:\TEMP\winbtnji.exe"="C:\TEMP\winbtnji.exe:*:Enabled:ipsec"
"C:\TEMP\winoajgyn.exe"="C:\TEMP\winoajgyn.exe:*:Enabled:ipsec"
"C:\TEMP\winhofn.exe"="C:\TEMP\winhofn.exe:*:Enabled:ipsec"
"C:\TEMP\winjcxu.exe"="C:\TEMP\winjcxu.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe:*:Enabled:ipsec"
"C:\TEMP\winbgscqp.exe"="C:\TEMP\winbgscqp.exe:*:Enabled:ipsec"
"C:\TEMP\yillg.exe"="C:\TEMP\yillg.exe:*:Enabled:ipsec"
"C:\TEMP\cqbh.exe"="C:\TEMP\cqbh.exe:*:Enabled:ipsec"
"C:\TEMP\winmtgo.exe"="C:\TEMP\winmtgo.exe:*:Enabled:ipsec"
"C:\TEMP\mtjmtc.exe"="C:\TEMP\mtjmtc.exe:*:Enabled:ipsec"
"C:\TEMP\wintaewif.exe"="C:\TEMP\wintaewif.exe:*:Enabled:ipsec"
"C:\TEMP\winkyasqn.exe"="C:\TEMP\winkyasqn.exe:*:Enabled:ipsec"
"C:\TEMP\oxbr.exe"="C:\TEMP\oxbr.exe:*:Enabled:ipsec"
"C:\TEMP\winyhck.exe"="C:\TEMP\winyhck.exe:*:Enabled:ipsec"
"C:\TEMP\agqcxr.exe"="C:\TEMP\agqcxr.exe:*:Enabled:ipsec"
"C:\TEMP\winhxtx.exe"="C:\TEMP\winhxtx.exe:*:Enabled:ipsec"
"C:\TEMP\winmveb.exe"="C:\TEMP\winmveb.exe:*:Enabled:ipsec"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"="C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\AccelerometerSt.exe"="C:\WINDOWS\system32\AccelerometerSt.exe:*:Enabled:ipsec"
"C:\TEMP\evkmmj.exe"="C:\TEMP\evkmmj.exe:*:Enabled:ipsec"
"C:\TEMP\wingqrta.exe"="C:\TEMP\wingqrta.exe:*:Enabled:ipsec"
"C:\TEMP\ygrtjn.exe"="C:\TEMP\ygrtjn.exe:*:Enabled:ipsec"
"C:\TEMP\winnhmbb.exe"="C:\TEMP\winnhmbb.exe:*:Enabled:ipsec"
"C:\TEMP\winhjryyr.exe"="C:\TEMP\winhjryyr.exe:*:Enabled:ipsec"
"C:\TEMP\gqvhl.exe"="C:\TEMP\gqvhl.exe:*:Enabled:ipsec"
"D:\aisxu.exe"="D:\aisxu.exe:*:Enabled:ipsec"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:ipsec"
"C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe"="C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe:*:Enabled:ipsec"
"C:\TEMP\windrlx.exe"="C:\TEMP\windrlx.exe:*:Enabled:ipsec"
"C:\TEMP\winbbvd.exe"="C:\TEMP\winbbvd.exe:*:Enabled:ipsec"
"C:\TEMP\ohftl.exe"="C:\TEMP\ohftl.exe:*:Enabled:ipsec"
"C:\TEMP\eqyx.exe"="C:\TEMP\eqyx.exe:*:Enabled:ipsec"
"C:\TEMP\sjelq.exe"="C:\TEMP\sjelq.exe:*:Enabled:ipsec"
"C:\TEMP\winfjxvm.exe"="C:\TEMP\winfjxvm.exe:*:Enabled:ipsec"
"C:\TEMP\wincngsfr.exe"="C:\TEMP\wincngsfr.exe:*:Enabled:ipsec"
"C:\TEMP\wintswyw.exe"="C:\TEMP\wintswyw.exe:*:Enabled:ipsec"
"C:\TEMP\winlsmh.exe"="C:\TEMP\winlsmh.exe:*:Enabled:ipsec"
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ipsec"
"C:\TEMP\qxky.exe"="C:\TEMP\qxky.exe:*:Enabled:ipsec"
"C:\TEMP\sdso.exe"="C:\TEMP\sdso.exe:*:Enabled:ipsec"
"C:\TEMP\winjbprvs.exe"="C:\TEMP\winjbprvs.exe:*:Enabled:ipsec"
"C:\TEMP\nhbh.exe"="C:\TEMP\nhbh.exe:*:Enabled:ipsec"
"C:\TEMP\winbirpsw.exe"="C:\TEMP\winbirpsw.exe:*:Enabled:ipsec"
"C:\TEMP\wincaqj.exe"="C:\TEMP\wincaqj.exe:*:Enabled:ipsec"
"C:\TEMP\winpmlf.exe"="C:\TEMP\winpmlf.exe:*:Enabled:ipsec"
"C:\TEMP\vgjm.exe"="C:\TEMP\vgjm.exe:*:Enabled:ipsec"
"C:\TEMP\winkjew.exe"="C:\TEMP\winkjew.exe:*:Enabled:ipsec"
"C:\TEMP\jilsi.exe"="C:\TEMP\jilsi.exe:*:Enabled:ipsec"
"C:\TEMP\phkf.exe"="C:\TEMP\phkf.exe:*:Enabled:ipsec"
"C:\TEMP\winbagvbl.exe"="C:\TEMP\winbagvbl.exe:*:Enabled:ipsec"
"C:\TEMP\winonisqi.exe"="C:\TEMP\winonisqi.exe:*:Enabled:ipsec"
"C:\TEMP\winhrkl.exe"="C:\TEMP\winhrkl.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\nwiz.exe"="C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec"
"C:\TEMP\winmrvh.exe"="C:\TEMP\winmrvh.exe:*:Enabled:ipsec"
"C:\TEMP\winevube.exe"="C:\TEMP\winevube.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\TEMP\windxha.exe"="C:\TEMP\windxha.exe:*:Enabled:ipsec"
"C:\TEMP\winstmd.exe"="C:\TEMP\winstmd.exe:*:Enabled:ipsec"
"C:\TEMP\winaddhh.exe"="C:\TEMP\winaddhh.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ipsec"
"C:\TEMP\fpvvm.exe"="C:\TEMP\fpvvm.exe:*:Enabled:ipsec"
"C:\TEMP\ydgxy.exe"="C:\TEMP\ydgxy.exe:*:Enabled:ipsec"
"C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe:*:Enabled:ipsec"
"C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE"="C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE:*:Enabled:ipsec"
"C:\TEMP\ppgkp.exe"="C:\TEMP\ppgkp.exe:*:Enabled:ipsec"
"C:\TEMP\winibctx.exe"="C:\TEMP\winibctx.exe:*:Enabled:ipsec"
"C:\TEMP\winpyif.exe"="C:\TEMP\winpyif.exe:*:Enabled:ipsec"
"C:\TEMP\fmdi.exe"="C:\TEMP\fmdi.exe:*:Enabled:ipsec"
"C:\TEMP\winkjqv.exe"="C:\TEMP\winkjqv.exe:*:Enabled:ipsec"
"C:\TEMP\xebsol.exe"="C:\TEMP\xebsol.exe:*:Enabled:ipsec"
"C:\TEMP\winfkkect.exe"="C:\TEMP\winfkkect.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\WINDOWS\TIREMOTE\TIRemoteService.exe"="C:\WINDOWS\TIREMOTE\TIRemoteService.exe:*:Enabled:Track-It! Workstation Manager"
"C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE"="C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE:*:Enabled:NetOp Host"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"
"C:\Sierra\SWAT3EEDemo\swat.exe"="C:\Sierra\SWAT3EEDemo\swat.exe:*:Enabled:Swat 3 : Close Quarters Battle"
"C:\WINDOWS\system32\~.exe"="C:\WINDOWS\system32\~.exe:*:Disabled:~"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1023ad56-ef0f-11dc-ae77-0016d4a4360f}]
shell\AUTOPLay\command - D:\aisxu.exe
shell\AutoRun\command - D:\aisxu.exe
shell\explORe\command - D:\aisxu.exe
shell\open\command - D:\aisxu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e916dd96-3699-11de-b080-0019d246ac46}]
shell\AutOPlay\command - D:\omqre.cmd
shell\AutoRun\command - D:\omqre.cmd
shell\explore\command - D:\omqre.cmd
shell\opEn\command - D:\omqre.cmd


======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-05-08 09:34:11 ----D---- C:\rsit
2009-05-08 09:31:18 ----A---- C:\WINDOWS\system32\chg.exe
2009-05-08 09:25:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-20 07:28:08 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-17 13:48:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-04-16 21:34:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-16 21:34:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-16 21:15:49 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2009-05-08 09:34:12 ----D---- C:\TEMP
2009-05-08 09:34:08 ----D---- C:\WINDOWS\Prefetch
2009-05-08 09:32:32 ----D---- C:\WINDOWS
2009-05-08 09:32:25 ----D---- C:\WINDOWS\SMINST
2009-05-08 09:31:18 ----D---- C:\WINDOWS\system32
2009-05-08 09:29:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-08 09:25:16 ----D---- C:\WINDOWS\system32\drivers
2009-05-08 09:25:12 ----D---- C:\Program Files
2009-05-08 09:23:19 ----D---- C:\WINDOWS\Temp
2009-05-08 07:43:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-07 15:21:16 ----D---- C:\Documents and Settings\mhenry\Application Data\Adobe
2009-05-07 10:18:23 ----D---- C:\Y Drive
2009-05-07 07:21:56 ----D---- C:\WINDOWS\system32\LogFiles
2009-05-01 08:02:51 ----SHD---- C:\WINDOWS\Installer
2009-04-30 19:00:00 ----D---- C:\WINDOWS\security
2009-04-24 07:58:45 ----SHD---- C:\WINDOWS\CSC
2009-04-22 09:50:52 ----HD---- C:\WINDOWS\inf
2009-04-21 12:58:48 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-04-20 08:37:01 ----SD---- C:\WINDOWS\Tasks
2009-04-20 08:11:17 ----D---- C:\WINDOWS\Debug
2009-04-16 22:35:22 ----D---- C:\WINDOWS\WinSxS
2009-04-16 15:58:24 ----A---- C:\WINDOWS\system.ini
2009-04-16 15:18:11 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-04-15 19:46:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 19:42:05 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 19:42:05 ----D---- C:\WINDOWS\AppPatch
2009-04-15 08:05:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-04-15 08:05:33 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 08:05:20 ----D---- C:\WINDOWS\system32\en-us
2009-04-15 08:05:20 ----D---- C:\Program Files\Internet Explorer
2009-04-15 08:04:14 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 NHostNT1;Numara Remote Control Driver 1 ver. 9.00 (2007058); C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS [2007-02-27 92432]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-01-29 13059]
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-10 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-03 178176]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-01-12 142720]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-01-29 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-01-29 201600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NHOSTNT3;Numara Remote Control Driver 3 ver. 9.00 (2007058) (NHOSTNT3); C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS [2007-02-27 3216]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-26 7433472]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-01-29 718464]
S3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\pnnim.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-02-15 258103]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-07-20 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2004-08-04 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2004-08-04 117248]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NetOp Host for NT Service;Numara Remote Control Helper ver. 9.00 (2007058); C:\Program Files\Numara Software\Remote\Host\NHOSTSVC.EXE [2007-02-27 1499408]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-26 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-08 66872]
R2 TIRmtSvc;Track-It! Workstation Manager; C:\WINDOWS\TIREMOTE\TIRemoteService.exe [2008-01-02 212480]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 995328]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 227520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-02-06 148088]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-06 724480]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 256496]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 139264]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-02-07 137728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


RSIT Info:

info.txt logfile of random's system information tool 1.06 2009-05-08 09:34:17

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{26DE0F0B-9CF1-4796-A1B5-01B912E35B46}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CA432A0-DBC7-4C5D-A6B6-5DF0E2E44BB0}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3475FBEC-E0F5-4A3F-823E-6C1DEA10F1AF}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E8581ECC-8BEA-4E91-AB5E-587654EBB2A7}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\498b43b77cac072081a5692bfc52804\Setup.exe
Add or Remove Adobe Creative Suite 3 Production Premium-->C:\Program Files\Common Files\Adobe\Installers\8c7a1e2e9e6a7b8aa308ba908bbd133\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{73E81E9B-7319-43AD-B7CC-1C61405E5089}
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{1BDC1AB0-2677-4593-8F94-329F7CA8F670}
Adobe Creative Suite 3 Production Premium-->MsiExec.exe /I{B4608CFE-B2EA-4675-9E74-CA5BA83C6DEA}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3 Library-->MsiExec.exe /I{F1D93F5B-881F-49E3-BA56-B4B8FA991059}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Glyphlet Creation Tool CS3-->MsiExec.exe /I{243DA072-8E39-424A-86A3-F63152021383}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe OnLocation CS3-->C:\Program Files\InstallShield Installation Information\{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}\Setup.exe -runfromtemp -l0x0409
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup-->MsiExec.exe /I{ABB48460-97A1-4D4C-BC73-E083C5CE732B}
Adobe Setup-->MsiExec.exe /I{C8BA6802-38DA-43F9-8ACB-73161C277C9A}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3 Scores-->MsiExec.exe /I{92A300C0-E97B-48CC-9702-AB1AAED167E1}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Ultra CS3 - MSL Legacy Support-->C:\Program Files\InstallShield Installation Information\{995237D9-6E24-45D9-9B06-C13AA62F518B}\setup.exe -runfromtemp -l0x0409
Adobe Ultra CS3-->C:\Program Files\InstallShield Installation Information\{E907A385-B00D-4D03-8B16-B64F10938CE6}\Setup.exe -runfromtemp -l0x0409
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Installer 4.00.B6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x9
AutoCAD 2005 - English-->MsiExec.exe /I{5783F2D7-0301-0409-0012-0060B0CE6BBA}
AutoCAD 2005 Express Tools Volumes 1-9-->MsiExec.exe /X{5783F2D7-0311-0409-0000-0060B0CE6BBA}
Autodesk Batch Drawing Converter-->MsiExec.exe /X{5783F2D7-0221-0409-0000-0060B0CE6BBA}
Autodesk Buzzsaw 2007.4.2133.3-->C:\PROGRA~1\PROJEC~1\Setup.exe /remove
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AVS DVDMenu Editor 1.2.1.19-->"C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Converter 5.6-->"C:\Program Files\AVS4YOU\AVSVideoConverter\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bluebeam PDF Revu v4.7.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{81D049A4-E8C6-49FC-995D-C25181C15C14}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Applications-->C:\WINDOWS\Corel\Uninst32.exe
DWG TrueView 2008-->C:\Program Files\DWG TrueView 2008\Setup\Setup.exe /P {B1A9CD45-A702-4E3B-91ED-8CD562869901} /M AOEM
Elecard Converter Studio AVC HD Edition-->"C:\Program Files\Elecard\Elecard Converter Studio AVC HD Edition\Uninstall.exe" "C:\Program Files\Elecard\Elecard Converter Studio AVC HD Edition\install.log" -u
Fast Color Codes 1.02-->"C:\Program Files\Fast Color Codes\unins000.exe"
Google Earth Pro-->MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m\HXFSETUP.EXE -U -IHPQ0033M.INF
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP Backup and Recovery Manager Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x9 -uninst -removeonly
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Mobile Data Protection System-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75ECB75A-522C-4312-8DE7-597CDA9D96A3}\setup.exe" -l0x9 UNINSTALL
HP Notebook Accessories Product Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}\setup.exe" -l0x9 -removeonly
HP Performance Tuning Framework-->MsiExec.exe /I{238C9494-4E09-4517-8C84-09D892F337C8}
HP Quick Launch Buttons 6.00 H1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP User Guides 0013-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F89F212-2052-414A-8B7E-D8604C431BDF}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 E1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Macromedia FreeHand 9-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Macromedia\FreeHand 9\Uninst.isu"
Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Project Standard 2003-->MsiExec.exe /I{903A0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MyFonts Order M1315623-->MsiExec.exe /I{FFA8DB36-A0ED-45DE-21D5-A2AD387D66A1}
Numara Remote Control Host-->MsiExec.exe /I{00000048-C690-11DB-9900-000E0CBD0225}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA Performance Drivers-->MsiExec.exe /I{71807498-D8E2-41C6-84CD-8ED7A076B6EC}
Océ Client Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75B40D99-9CF4-11D7-950B-00B0D0235AE8}\Setup.exe"
PDF Settings-->MsiExec.exe /I{DC017035-1939-425F-8F86-63B462C76C6A}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======System event log======

Computer Name: RNC-2077
Event Code: 20
Message: Printer Driver HP Color LaserJet 9500 PS for Windows NT x86 Version-3 was added or updated. Files:- PSCRIPT5.DLL, PS5UI.DLL, HPC9500S.PPD, PSCRIPT.HLP, hpcdmc32.DLL, hpbcfgre.DLL, hpzui42e.DLL, hpzsr42e.DLL, hpc9500s.XML, hpc9500d.INI, hpzsc42e.DTD, hpzfn42e.NTF, HPNRA.DLL, HPBNRAC2.DLL, HPBMINI.DLL, HPCEAC05.HPI, HPBMIAPI.DLL, HPBOID.DLL, HPBOIDPS.DLL, HPBPRO.DLL, HPBPROPS.DLL, HPPAPTS0.DLL, HPPASNM0.DLL, HPPAPML0.DLL, HPZIPM12.EXE, HPZIPT12.DLL, HPZINW12.EXE, HPZIPR12.DLL, HPZISN12.DLL, HPJCMN2U.DLL, HPJIPX1U.DLL, HPZIDR12.DLL, hpzst42e.DLL, hpzev42e.DLL, HPZHL42e.CAB, PSCRIPT.NTF, hpzls42e.DLL, hpzss42e.DLL, hplj9500.CFG.

Record Number: 27082
Source Name: Print
Time Written: 20090410141743.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RNC-2077
Event Code: 11197
Message: The system failed to update and remove host (A) resource records (RRs)
for network adapter
with settings:


Adapter Name : {7A0F2ADF-A207-4624-BB2C-B62C8F4E7FD2}

Host Name : RNC-2077

Primary Domain Suffix : wlc.wlcarchitects.com

DNS server list :

10.1.10.10

Sent update to server : 10.1.1.1

IP Address(es) :

10.1.200.124


The reason the update request failed was because of a system problem.
For specific error code, see the record data displayed below.

Record Number: 27079
Source Name: DnsApi
Time Written: 20090410125705.000000-420
Event Type: warning
User:

Computer Name: RNC-2077
Event Code: 11197
Message: The system failed to update and remove host (A) resource records (RRs)
for network adapter
with settings:


Adapter Name : {7A0F2ADF-A207-4624-BB2C-B62C8F4E7FD2}

Host Name : RNC-2077

Primary Domain Suffix : wlc.wlcarchitects.com

DNS server list :

10.1.10.10

Sent update to server : 10.1.1.1

IP Address(es) :

10.1.200.124


The reason the update request failed was because of a system problem.
For specific error code, see the record data displayed below.

Record Number: 27078
Source Name: DnsApi
Time Written: 20090410115705.000000-420
Event Type: warning
User:

Computer Name: RNC-2077
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 27077
Source Name: b57w2k
Time Written: 20090410115702.000000-420
Event Type: warning
User:

Computer Name: RNC-2077
Event Code: 12
Message: The device 'Communications Port (COM1)' (ACPI\PNP0501\5&1e8dc1e5&0) disappeared from the system without first being prepared for removal.

Record Number: 27076
Source Name: PlugPlayManager
Time Written: 20090410115702.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: RNC-2077
Event Code: 216
Message: The Numara Remote Control Helper Service has adjusted the permissions on <MACHINE\SYSTEM\CurrentControlSet\Services\nv\Enum> to grant
an access needed by Numara Remote Control.

Care has been taken to avoid granting unnecessary permissions.

This message is for information only, No user action is necessary.

Record Number: 10803
Source Name: NetOp Host for NT Service
Time Written: 20090319073526.000000-420
Event Type: audit success
User:

Computer Name: RNC-2077
Event Code: 216
Message: The Numara Remote Control Helper Service has adjusted the permissions on <MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave\Enum> to grant
an access needed by Numara Remote Control.

Care has been taken to avoid granting unnecessary permissions.

This message is for information only, No user action is necessary.

Record Number: 10802
Source Name: NetOp Host for NT Service
Time Written: 20090319073526.000000-420
Event Type: audit success
User:

Computer Name: RNC-2077
Event Code: 216
Message: The Numara Remote Control Helper Service has adjusted the permissions on <MACHINE\SYSTEM\CurrentControlSet\Services\NHOSTNT3\Enum> to grant
an access needed by Numara Remote Control.

Care has been taken to avoid granting unnecessary permissions.

This message is for information only, No user action is necessary.

Record Number: 10801
Source Name: NetOp Host for NT Service
Time Written: 20090319073526.000000-420
Event Type: audit success
User:

Computer Name: RNC-2077
Event Code: 216
Message: The Numara Remote Control Helper Service has adjusted the permissions on <MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd\Enum> to grant
an access needed by Numara Remote Control.

Care has been taken to avoid granting unnecessary permissions.

This message is for information only, No user action is necessary.

Record Number: 10800
Source Name: NetOp Host for NT Service
Time Written: 20090319073526.000000-420
Event Type: audit success
User:

Computer Name: RNC-2077
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 10795
Source Name: Userenv
Time Written: 20090319073525.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\Repro Desk;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------


As a side note: every time I log in I get these 3 errors:

1. Synaptics touchpad enhancements has encountered a problem and needs to shut down.
2. Acro Tray has encountered a problem and needs to shut down.
3. NVIDIA nView Wizard version 111.76 has encountered a problem and needs to shut down.


#6 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 08 May 2009 - 03:14 PM

Hi MZK39,



I notice you do not have any antivirus program installed on your system. It's somewhat suicidal in this digital world nowadays.
Please get ONE antivirus and install it. Restart the computer for changes to take effect.

AVG Free 8.0 for Windows
AntiVir Free Edition

It seemed that you had McAfee leftovers. Please download MCPR to remove the leftovers.


Step1

Please disable Spybot S&D's protection, or it will interfere.
  • You can enable it after you're clean.
  • Open Spybot and click on 'Mode' and check 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
  • Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  • Click the 'Allow Change' box.
  • Then, check next to the computer clock to see if the icon for Spybot is still there.
  • If it is, right click it and choose 'exit Spybot-S&D Resident'.
  • Restart the computer.
  • If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
  • http://www.russelltexas.com/malware/teatimer.htm
Step2
  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Remember to plug in the flash drive to disinfect as well.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
Step3

Download OTMoveIt3.exe by OldTimer and save it to your desktop.
  • Double click on OTMoveIt3.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
  • Note: Do not type it out to minimize the risk of typo error
    :Processes 
    explorer.exe
    
    :Services
    abp470n5
    MQAC
    
    :Files
    D:\aisxu.exe
    D:\omqre.cmd
    D:\aisxu.exe
    C:\TEMP
    C:\Program Files\MalwareRemovalBot
    C:\WINDOWS\system32\~.exe
    C:\WINDOWS\system32\drivers\pnnim.sys 
    C:\WINDOWS\system32\drivers\mqac.sys 
    
    :Reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1023ad56-ef0f-11dc-ae77-0016d4a4360f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e916dd96-3699-11de-b080-0019d246ac46}]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\~.exe"=-
    "C:\TEMP\skgtu.exe"=-
    "C:\TEMP\mhgth.exe"=-
    "C:\TEMP\wpvf.exe"=-
    "C:\TEMP\gpgx.exe"=-
    "C:\TEMP\winhuah.exe"=-
    "C:\TEMP\winmhtv.exe"=-
    "C:\TEMP\coaenr.exe"=-
    "C:\TEMP\winijha.exe"=-
    "C:\TEMP\winvvgpvv.exe"=-
    "C:\TEMP\winsbgk.exe"=-
    "C:\TEMP\winbtnji.exe"=-
    "C:\TEMP\winoajgyn.exe"=-
    "C:\TEMP\winhofn.exe"=-
    "C:\TEMP\winjcxu.exe"=-
    "C:\TEMP\winbgscqp.exe"=-
    "C:\TEMP\yillg.exe"=-
    "C:\TEMP\cqbh.exe"=-
    "C:\TEMP\winmtgo.exe"=-
    "C:\TEMP\mtjmtc.exe"=-
    "C:\TEMP\wintaewif.exe"=-
    "C:\TEMP\winkyasqn.exe"=-
    "C:\TEMP\oxbr.exe"=-
    "C:\TEMP\winyhck.exe"=
    "C:\TEMP\agqcxr.exe"=-
    "C:\TEMP\winhxtx.exe"=-
    "C:\TEMP\winmveb.exe"=-
    "D:\aisxu.exe"=-
    "C:\TEMP\windrlx.exe"=-
    "C:\TEMP\winbbvd.exe"=-
    "C:\TEMP\ohftl.exe"=-
    "C:\TEMP\eqyx.exe"=-
    "C:\TEMP\sjelq.exe"=-
    "C:\TEMP\winfjxvm.exe"=-
    "C:\TEMP\wincngsfr.exe"=-
    "C:\TEMP\wintswyw.exe"=-
    "C:\TEMP\winlsmh.exe"=-
    "C:\TEMP\qxky.exe"=-
    "C:\TEMP\sdso.exe"=-
    "C:\TEMP\winjbprvs.exe"=-
    "C:\TEMP\nhbh.exe"=-
    "C:\TEMP\winbirpsw.exe"=-
    "C:\TEMP\wincaqj.exe"=-
    "C:\TEMP\winpmlf.exe"=-
    "C:\TEMP\vgjm.exe"=-
    "C:\TEMP\winkjew.exe"=-
    "C:\TEMP\jilsi.exe"=-
    "C:\TEMP\phkf.exe"=-
    "C:\TEMP\winbagvbl.exe"=-
    "C:\TEMP\winonisqi.exe"=-
    "C:\TEMP\winhrkl.exe"=-
    "C:\TEMP\winmrvh.exe"=-
    "C:\TEMP\winevube.exe"=-
    "C:\TEMP\windxha.exe"=-
    "C:\TEMP\winstmd.exe"=-
    "C:\TEMP\winaddhh.exe"=-
    "C:\WINDOWS\system32\taskmgr.exe"=-
    "C:\TEMP\fpvvm.exe"=-
    "C:\TEMP\ydgxy.exe"=-
    "C:\TEMP\ppgkp.exe"=-
    "C:\TEMP\winibctx.exe"=-
    "C:\TEMP\winpyif.exe"=-
    "C:\TEMP\fmdi.exe"=-
    "C:\TEMP\winkjqv.exe"=-
    "C:\TEMP\xebsol.exe"=-
    "C:\TEMP\winfkkect.exe"=-
    "C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe"=-
    "C:\WINDOWS\system32\userinit.exe"=-
    "C:\WINDOWS\Explorer.EXE"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "C:\WINDOWS\explorer.exe"=-
    "C:\WINDOWS\system32\~.exe"=-
    
    :Commands
    [EmptyTemp]
    [start explorer]
    [Reboot]
  • Click on MoveIt!
  • When done, click on Exit
  • Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
  • A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.
  • You may refer to this thread for your reference
Step4
  • Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive, from here.
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
Then, Please rerun MBAM and post the log in your next reply.


In your next reply, please post back:


1. OTMoveIt log
2. RSIT log.txt
3. MBAM log

Tell me how your pc is running now.

Edited by sundavis, 08 May 2009 - 03:30 PM.
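
A pre-flight lint for a fix script of the kind posted above, plus a triage of the log such a run produces, as an added example that is not part of the original posts and not OldTimer's code. The section names and the `"value"=-` delete convention are inferred only from the script on this page; `lint_script`, `triage_log` and the shortened samples are constructed for illustration.

```python
import re

# Constructed sample: a shortened excerpt of the fix script in the post above.
SCRIPT = r'''
:Processes
explorer.exe

:Services
abp470n5
MQAC

:Files
D:\aisxu.exe
D:\omqre.cmd
D:\aisxu.exe
C:\WINDOWS\system32\drivers\mqac.sys

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1023ad56-ef0f-11dc-ae77-0016d4a4360f}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TEMP\oxbr.exe"=-
"C:\TEMP\winyhck.exe"=
"C:\TEMP\agqcxr.exe"=-

:Commands
[EmptyTemp]
[Reboot]
'''

# Constructed sample: a few lines of the kind the tool writes to its log.
LOG = r'''
========== SERVICES/DRIVERS ==========
Service\Driver abp470n5 deleted successfully.
Service\Driver MQAC not found.
========== FILES ==========
Folder move failed. C:\TEMP scheduled to be moved on reboot.
C:\WINDOWS\system32\drivers\mqac.sys moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\oxbr.exe not found.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\TEMP\winyhck.exe"| /E : value set successfully!
'''

SECTION = re.compile(r'^:(\w+)\s*$')
REG_KEY = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def lint_script(text):
    """Return (line_no, kind, item) findings for a removal script.

    Assumption: every value line under :Reg is meant to delete the value,
    so anything other than a bare '-' after '=' is reported.
    """
    findings, section, seen_files = [], None, set()
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == 'files':
            if line.lower() in seen_files:
                findings.append((line_no, 'duplicate-file', line))
            seen_files.add(line.lower())
        elif section == 'reg':
            if REG_KEY.match(line):
                continue  # key header; '[-KEY]' removes the whole key
            value = REG_VALUE.match(line)
            if value is None:
                findings.append((line_no, 'unparsed-reg-line', line))
            elif value.group('data').strip() != '-':
                findings.append((line_no, 'value-not-deleted', value.group('name')))
    return findings


def triage_log(text):
    """Sort log lines into done / absent / pending (reboot) / review."""
    buckets = {'done': [], 'absent': [], 'pending': [], 'review': []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('====='):
            continue
        low = line.lower()
        if 'value set successfully' in low:
            buckets['review'].append(line)   # a write, not a removal
        elif 'scheduled to be' in low:
            buckets['pending'].append(line)  # completes only after reboot
        elif 'not found' in low:
            buckets['absent'].append(line)
        elif 'successfully' in low:
            buckets['done'].append(line)
        else:
            buckets['review'].append(line)
    return buckets


if __name__ == '__main__':
    for finding in lint_script(SCRIPT):
        print('script:', finding)
    for bucket, lines in triage_log(LOG).items():
        print(bucket, len(lines))
```

On the sample, the lint flags the `winyhck.exe` entry written as `=` rather than `=-`, which corresponds to the single "value set successfully!" line in the log posted in the next reply.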


#7 MZK39

  • Topic Starter

  • Members
  • 14 posts

Posted 08 May 2009 - 05:21 PM

Hi Sundavis,

The virus is still there. At one point I was able to access my task manager, but after a reboot it was greyed out again.

OTMoveIt log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver abp470n5 deleted successfully.
Service\Driver MQAC not found.
Service\Driver MQAC not found.
========== FILES ==========
File/Folder D:\aisxu.exe not found.
File/Folder D:\omqre.cmd not found.
File/Folder D:\aisxu.exe not found.
C:\TEMP\WPDNSE moved successfully.
Folder move failed. C:\TEMP\Bluebeam Software scheduled to be moved on reboot.
C:\TEMP\0001C704_Rar moved successfully.
C:\TEMP\0001C6E5_Rar moved successfully.
Folder move failed. C:\TEMP scheduled to be moved on reboot.
File/Folder C:\Program Files\MalwareRemovalBot not found.
File/Folder C:\WINDOWS\system32\~.exe not found.
File/Folder C:\WINDOWS\system32\drivers\pnnim.sys not found.
C:\WINDOWS\system32\drivers\mqac.sys moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1023ad56-ef0f-11dc-ae77-0016d4a4360f}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e916dd96-3699-11de-b080-0019d246ac46}\\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\~.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\skgtu.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\mhgth.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\wpvf.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\gpgx.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winhuah.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winmhtv.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\coaenr.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winijha.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winvvgpvv.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winsbgk.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winbtnji.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winoajgyn.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winhofn.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winjcxu.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winbgscqp.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\yillg.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\cqbh.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winmtgo.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\mtjmtc.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\wintaewif.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winkyasqn.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\oxbr.exe not found.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\TEMP\winyhck.exe"| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\agqcxr.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winhxtx.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winmveb.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\D:\aisxu.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\windrlx.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winbbvd.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\ohftl.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\eqyx.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\sjelq.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winfjxvm.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\wincngsfr.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\wintswyw.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winlsmh.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\qxky.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\sdso.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winjbprvs.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\nhbh.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winbirpsw.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\wincaqj.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winpmlf.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\vgjm.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winkjew.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\jilsi.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\phkf.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winbagvbl.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winonisqi.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winhrkl.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winmrvh.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winevube.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\windxha.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winstmd.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winaddhh.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\taskmgr.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\fpvvm.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\ydgxy.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\ppgkp.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winibctx.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winpyif.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\fmdi.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winkjqv.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\xebsol.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\TEMP\winfkkect.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\userinit.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\Explorer.EXE not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\C:\WINDOWS\explorer.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\C:\WINDOWS\system32\~.exe not found.
========== COMMANDS ==========
File delete failed. C:\TEMP\Bluebeam Software\Stapler.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\mhenry\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Buf1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d6c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05082009_145806

Files moved on Reboot...
C:\TEMP\Bluebeam Software moved successfully.
C:\TEMP\WPDNSE moved successfully.
C:\TEMP\BTN%Copy%1\BTN%Copy%2 moved successfully.
Folder move failed. C:\TEMP\BTN%Copy%1 scheduled to be moved on reboot.
Folder move failed. C:\TEMP scheduled to be moved on reboot.
File C:\TEMP\Bluebeam Software\Stapler.log not found!
File move failed. C:\WINDOWS\temp\Buf1.tmp scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_d6c.dat not found!


RSIT Log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by mhenry at 2009-05-08 15:12:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 36 GB (38%) free of 95 GB
Total RAM: 3455 MB (87% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:05 PM, on 5/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\mhenry\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\mhenry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WLCIntranet
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://WLCIntranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WLCIntranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PbAdminACAD] C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe /install_user
O4 - HKLM\..\Run: [MicroBrew] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://WLCIntranet
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O17 - HKLM\Software\..\Telephony: DomainName = wlc.wlcarchitects.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Numara Remote Control Helper ver. 9.00 (2007058) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Numara Software\Remote\Host\NHOSTSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe

--
End of file - 11985 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-21 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-26 8523776]
"nwiz"=nwiz.exe /install []
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 794624]
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.exe [2006-01-16 53248]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 831580]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-02-22 114688]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1261568]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 262144]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-04 143360]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 693624]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1961984]
"PbAdminACAD"=C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe [2006-09-21 217088]
"MicroBrew"=C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe [2006-09-21 495616]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-06-13 127036]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2008-04-25 214336]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-26 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 1159168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-31 39408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2217816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"Intellimenus"=1
"NoSMConfigurePrograms"=1
"NoBandCustomize"=1
"SpecifyDefaultButtons"=1
"Btn_Back"=1
"Btn_Forward"=1
"Btn_Stop"=1
"Btn_Refresh"=1
"Btn_Home"=1
"Btn_Search"=1
"Btn_Favorites"=1
"Btn_History"=2
"Btn_Media"=2
"Btn_Folders"=1
"Btn_Fullscreen"=2
"Btn_Tools"=1
"Btn_MailNews"=1
"Btn_Size"=2
"Btn_Print"=1
"Btn_Edit"=2
"Btn_Discussions"=1
"Btn_Cut"=2
"Btn_Copy"=1
"Btn_Paste"=1
"Btn_Encoding"=2
"NoDesktopCleanupWizard"=1
"NoToolbarCustomize"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE"="C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE:*:Enabled:NetOp Host"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe"="C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe:*:Enabled:ipsec"
"C:\WINDOWS\Sminst\Recguard.exe"="C:\WINDOWS\Sminst\Recguard.exe:*:Enabled:ipsec"
"C:\WINDOWS\Creator\Remind_XP.exe"="C:\WINDOWS\Creator\Remind_XP.exe:*:Enabled:ipsec"
"C:\Program Files\CCleaner\CCleaner.exe"="C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe"="C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe:*:Enabled:ipsec"
"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe:*:Enabled:ipsec"
"C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe:*:Enabled:ipsec"
"C:\Program Files\HPQ\Default Settings\cpqset.exe"="C:\Program Files\HPQ\Default Settings\cpqset.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe:*:Enabled:ipsec"
"C:\TEMP\winyhck.exe"=""
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"="C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\AccelerometerSt.exe"="C:\WINDOWS\system32\AccelerometerSt.exe:*:Enabled:ipsec"
"C:\TEMP\evkmmj.exe"="C:\TEMP\evkmmj.exe:*:Enabled:ipsec"
"C:\TEMP\wingqrta.exe"="C:\TEMP\wingqrta.exe:*:Enabled:ipsec"
"C:\TEMP\ygrtjn.exe"="C:\TEMP\ygrtjn.exe:*:Enabled:ipsec"
"C:\TEMP\winnhmbb.exe"="C:\TEMP\winnhmbb.exe:*:Enabled:ipsec"
"C:\TEMP\winhjryyr.exe"="C:\TEMP\winhjryyr.exe:*:Enabled:ipsec"
"C:\TEMP\gqvhl.exe"="C:\TEMP\gqvhl.exe:*:Enabled:ipsec"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:ipsec"
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\nwiz.exe"="C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe:*:Enabled:ipsec"
"C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE"="C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE:*:Enabled:ipsec"
"C:\TEMP\oxpp.exe"="C:\TEMP\oxpp.exe:*:Enabled:ipsec"
"C:\TEMP\winbflogp.exe"="C:\TEMP\winbflogp.exe:*:Enabled:ipsec"
"C:\TEMP\xjgm.exe"="C:\TEMP\xjgm.exe:*:Enabled:ipsec"
"C:\TEMP\winugct.exe"="C:\TEMP\winugct.exe:*:Enabled:ipsec"
"C:\TEMP\winimtb.exe"="C:\TEMP\winimtb.exe:*:Enabled:ipsec"
"C:\TEMP\winjldwwf.exe"="C:\TEMP\winjldwwf.exe:*:Enabled:ipsec"
"C:\TEMP\winmpjj.exe"="C:\TEMP\winmpjj.exe:*:Enabled:ipsec"
"C:\TEMP\wlydg.exe"="C:\TEMP\wlydg.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winjygsnt.exe"="C:\WINDOWS\TEMP\NetOpTMP\winjygsnt.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\nhrcg.exe"="C:\WINDOWS\TEMP\NetOpTMP\nhrcg.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winrgkq.exe"="C:\WINDOWS\TEMP\NetOpTMP\winrgkq.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winousd.exe"="C:\WINDOWS\TEMP\NetOpTMP\winousd.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\bhrv.exe"="C:\WINDOWS\TEMP\NetOpTMP\bhrv.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\wineebk.exe"="C:\WINDOWS\TEMP\NetOpTMP\wineebk.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winwoxxh.exe"="C:\WINDOWS\TEMP\NetOpTMP\winwoxxh.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winqbrel.exe"="C:\WINDOWS\TEMP\NetOpTMP\winqbrel.exe:*:Enabled:ipsec"
"C:\TEMP\enjmfo.exe"="C:\TEMP\enjmfo.exe:*:Enabled:ipsec"
"C:\TEMP\winlgrss.exe"="C:\TEMP\winlgrss.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winigko.exe"="C:\WINDOWS\TEMP\NetOpTMP\winigko.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winykhv.exe"="C:\WINDOWS\TEMP\NetOpTMP\winykhv.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winyayxb.exe"="C:\WINDOWS\TEMP\NetOpTMP\winyayxb.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winojglvc.exe"="C:\WINDOWS\TEMP\NetOpTMP\winojglvc.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\ylyfvb.exe"="C:\WINDOWS\TEMP\NetOpTMP\ylyfvb.exe:*:Enabled:ipsec"
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\rysj.exe"="C:\WINDOWS\TEMP\NetOpTMP\rysj.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\eymwwo.exe"="C:\WINDOWS\TEMP\NetOpTMP\eymwwo.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\qpkpe.exe"="C:\WINDOWS\TEMP\NetOpTMP\qpkpe.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\mxccst.exe"="C:\WINDOWS\TEMP\NetOpTMP\mxccst.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winscylt.exe"="C:\WINDOWS\TEMP\NetOpTMP\winscylt.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winmeyy.exe"="C:\WINDOWS\TEMP\NetOpTMP\winmeyy.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"="C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe:*:Enabled:ipsec"
"C:\Program Files\Macromedia\FreeHand MXa\FreeHand MX.exe"="C:\Program Files\Macromedia\FreeHand MXa\FreeHand MX.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winhjvwcx.exe"="C:\WINDOWS\TEMP\NetOpTMP\winhjvwcx.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\efkish.exe"="C:\WINDOWS\TEMP\NetOpTMP\efkish.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\mkwyvt.exe"="C:\WINDOWS\TEMP\NetOpTMP\mkwyvt.exe:*:Enabled:ipsec"
"C:\TEMP\winkokby.exe"="C:\TEMP\winkokby.exe:*:Enabled:ipsec"
"C:\TEMP\uqueny.exe"="C:\TEMP\uqueny.exe:*:Enabled:ipsec"
"C:\TEMP\jhbksp.exe"="C:\TEMP\jhbksp.exe:*:Enabled:ipsec"
"C:\TEMP\winsqaqs.exe"="C:\TEMP\winsqaqs.exe:*:Enabled:ipsec"
"C:\TEMP\windkojhp.exe"="C:\TEMP\windkojhp.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"="C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe:*:Enabled:ipsec"
"C:\TEMP\winkmbbf.exe"="C:\TEMP\winkmbbf.exe:*:Enabled:ipsec"
"C:\TEMP\rpllad.exe"="C:\TEMP\rpllad.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\RUNDLL32.EXE"="C:\WINDOWS\system32\RUNDLL32.EXE:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\WINDOWS\TIREMOTE\TIRemoteService.exe"="C:\WINDOWS\TIREMOTE\TIRemoteService.exe:*:Enabled:Track-It! Workstation Manager"
"C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE"="C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE:*:Enabled:NetOp Host"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Sierra\SWAT3EEDemo\swat.exe"="C:\Sierra\SWAT3EEDemo\swat.exe:*:Enabled:Swat 3 : Close Quarters Battle"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-05-08 15:12:02 ----D---- C:\rsit
2009-05-08 15:10:22 ----A---- C:\WINDOWS\system32\chg.exe
2009-05-08 14:45:22 ----D---- C:\_OTMoveIt
2009-05-08 14:43:20 ----RASHD---- C:\autorun.inf
2009-05-08 09:25:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-20 07:28:08 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-17 13:48:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-04-16 21:34:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-16 21:34:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-16 21:15:49 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2009-05-08 15:12:04 ----D---- C:\TEMP
2009-05-08 15:10:58 ----D---- C:\WINDOWS\system32\drivers
2009-05-08 15:10:35 ----D---- C:\WINDOWS
2009-05-08 15:10:30 ----D---- C:\WINDOWS\SMINST
2009-05-08 15:10:22 ----D---- C:\WINDOWS\system32
2009-05-08 15:08:57 ----D---- C:\WINDOWS\Temp
2009-05-08 15:08:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-08 14:58:17 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-05-08 14:58:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-08 14:56:55 ----D---- C:\WINDOWS\Prefetch
2009-05-08 09:40:52 ----D---- C:\Y Drive
2009-05-08 09:25:12 ----D---- C:\Program Files
2009-05-07 15:21:16 ----D---- C:\Documents and Settings\mhenry\Application Data\Adobe
2009-05-07 07:21:56 ----D---- C:\WINDOWS\system32\LogFiles
2009-05-01 08:02:51 ----SHD---- C:\WINDOWS\Installer
2009-04-30 19:00:00 ----D---- C:\WINDOWS\security
2009-04-24 07:58:45 ----SHD---- C:\WINDOWS\CSC
2009-04-22 09:50:52 ----HD---- C:\WINDOWS\inf
2009-04-21 12:58:48 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-04-20 08:37:01 ----SD---- C:\WINDOWS\Tasks
2009-04-20 08:11:17 ----D---- C:\WINDOWS\Debug
2009-04-16 22:35:22 ----D---- C:\WINDOWS\WinSxS
2009-04-16 15:58:24 ----A---- C:\WINDOWS\system.ini
2009-04-16 15:18:11 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-04-15 19:46:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 19:42:05 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 19:42:05 ----D---- C:\WINDOWS\AppPatch
2009-04-15 08:05:33 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 08:05:20 ----D---- C:\WINDOWS\system32\en-us
2009-04-15 08:05:20 ----D---- C:\Program Files\Internet Explorer
2009-04-15 08:04:14 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 NHostNT1;Numara Remote Control Driver 1 ver. 9.00 (2007058); C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS [2007-02-27 92432]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-01-29 13059]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\pnnim.sys []
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-10 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-03 178176]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-01-12 142720]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-01-29 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-01-29 201600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NHOSTNT3;Numara Remote Control Driver 3 ver. 9.00 (2007058) (NHOSTNT3); C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS [2007-02-27 3216]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-26 7433472]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-01-29 718464]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-02-15 258103]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-07-20 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NetOp Host for NT Service;Numara Remote Control Helper ver. 9.00 (2007058); C:\Program Files\Numara Software\Remote\Host\NHOSTSVC.EXE [2007-02-27 1499408]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-26 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-08 66872]
R2 TIRmtSvc;Track-It! Workstation Manager; C:\WINDOWS\TIREMOTE\TIRemoteService.exe [2008-01-02 212480]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2004-08-04 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2004-08-04 117248]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 995328]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 227520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-02-06 148088]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-06 724480]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 256496]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 139264]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-02-07 137728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

MBAM Log:

Malwarebytes' Anti-Malware 1.36
Database version: 2094
Windows 5.1.2600 Service Pack 2

5/8/2009 3:08:39 PM
mbam-log-2009-05-08 (15-08-39).txt

Scan type: Quick Scan
Objects scanned: 92952
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks again for your help!

#8 sundavis

  • Malware Response Team

Posted 08 May 2009 - 09:58 PM

Hi MZK39,


You should install an antivirus program ASAP. Otherwise, all our efforts would be to no avail.

AntiVir Free Edition


Step 1


If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Close any open browsers
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Go here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
C:\TEMP\winyhck.exe
C:\TEMP\evkmmj.exe
C:\TEMP\wingqrta.exe
C:\TEMP\ygrtjn.exe
C:\TEMP\winnhmbb.exe
C:\TEMP\winhjryyr.exe
C:\TEMP\gqvhl.exe
C:\TEMP\oxpp.exe
C:\TEMP\winbflogp.exe
C:\TEMP\xjgm.exe
C:\TEMP\winugct.exe
C:\TEMP\winimtb.exe
C:\TEMP\winjldwwf.exe
C:\TEMP\winmpjj.exe
C:\TEMP\wlydg.exe
C:\TEMP\enjmfo.exe
C:\TEMP\winlgrss.exe
C:\TEMP\winkokby.exe
C:\TEMP\uqueny.exe
C:\TEMP\jhbksp.exe
C:\TEMP\winsqaqs.exe
C:\TEMP\windkojhp.exe
C:\TEMP\winkmbbf.exe
C:\TEMP\rpllad.exe
C:\WINDOWS\system32\drivers\pnnim.sys 

Folder::
C:\WINDOWS\TEMP\NetOpTMP

Driver::
abp470n5

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TEMP\winyhck.exe"=-
"C:\TEMP\evkmmj.exe"=-
"C:\TEMP\wingqrta.exe"=-
"C:\TEMP\ygrtjn.exe"=-
"C:\TEMP\winnhmbb.exe"=-
"C:\TEMP\winhjryyr.exe"=-
"C:\TEMP\gqvhl.exe"=-
"C:\TEMP\oxpp.exe"=-
"C:\TEMP\winbflogp.exe"=-
"C:\TEMP\xjgm.exe"=-
"C:\TEMP\winugct.exe"=-
"C:\TEMP\winimtb.exe"=-
"C:\TEMP\winjldwwf.exe"=-
"C:\TEMP\winmpjj.exe"=-
"C:\TEMP\wlydg.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winjygsnt.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\nhrcg.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winrgkq.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winousd.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\bhrv.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\wineebk.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winwoxxh.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winqbrel.exe"=-
"C:\TEMP\enjmfo.exe"=-
"C:\TEMP\winlgrss.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winigko.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winykhv.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winyayxb.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winojglvc.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\ylyfvb.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\rysj.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\eymwwo.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\qpkpe.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\mxccst.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winscylt.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winmeyy.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\winhjvwcx.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\efkish.exe"=-
"C:\WINDOWS\TEMP\NetOpTMP\mkwyvt.exe"=-
"C:\TEMP\winkokby.exe"=-
"C:\TEMP\uqueny.exe"=-
"C:\TEMP\jhbksp.exe"=-
"C:\TEMP\winsqaqs.exe"=-
"C:\TEMP\windkojhp.exe"=-
"C:\TEMP\winkmbbf.exe"=-
"C:\TEMP\rpllad.exe"=-
"C:\WINDOWS\system32\RUNDLL32.EXE"=-


Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step 2


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step 3

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.


In your next reply, please post back:


1. ComboFix log
2. BitDefender log
3. RSIT log.txt

Tell me how things are going now.

#9 MZK39

  • Topic Starter

  • Members

Posted 11 May 2009 - 12:37 PM

Hi Sundavis,

Access to BitDefender was seemingly blocked. I could not access that site no matter what I tried.

ComboFix log:

ComboFix 09-05-10.07 - mhenry 05/11/2009 10:12:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3455.2903 [GMT -7:00]
Running from: C:\Documents and Settings\mhenry\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\mhenry\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated)

FILE ::
C:\TEMP\enjmfo.exe
C:\TEMP\evkmmj.exe
C:\TEMP\gqvhl.exe
C:\TEMP\jhbksp.exe
C:\TEMP\oxpp.exe
C:\TEMP\rpllad.exe
C:\TEMP\uqueny.exe
C:\TEMP\winbflogp.exe
C:\TEMP\windkojhp.exe
C:\TEMP\wingqrta.exe
C:\TEMP\winhjryyr.exe
C:\TEMP\winimtb.exe
C:\TEMP\winjldwwf.exe
C:\TEMP\winkmbbf.exe
C:\TEMP\winkokby.exe
C:\TEMP\winlgrss.exe
C:\TEMP\winmpjj.exe
C:\TEMP\winnhmbb.exe
C:\TEMP\winsqaqs.exe
C:\TEMP\winugct.exe
C:\TEMP\winyhck.exe
C:\TEMP\wlydg.exe
C:\TEMP\xjgm.exe
C:\TEMP\ygrtjn.exe
C:\WINDOWS\system32\drivers\pnnim.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\regsvr32.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\TEMP\NetOpTMP

----- BITS: Possible infected sites -----

hxxp://rnc-it-wsus-01
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-11 17:15:48 . 2009-05-11 17:15:48 53248 ----a-w C:\temp\catchme.dll
2009-05-11 17:13:49 . 2009-05-11 17:13:49 60416 ----a-w C:\temp\Perflib_Perfdata__755.dat
2009-05-11 17:03:56 . 2009-05-11 17:03:56 0 d-----w C:\temp\BTN%Copy%1
2009-05-11 16:49:16 . 2009-05-11 17:13:42 0 d-----w C:\temp\000955F4_Rar
2009-05-11 16:48:53 . 2009-05-11 16:48:53 0 d-----w C:\temp\WPDNSE
2009-05-11 14:52:23 . 2009-05-11 17:13:42 0 d-----w C:\temp\Bluebeam Software
2009-05-11 14:43:12 . 2009-03-24 23:08:22 55640 ----a-w C:\WINDOWS\system32\drivers\avgntflt.sys
2009-05-11 14:43:10 . 2009-05-11 14:43:10 0 d-----w C:\Documents and Settings\All Users\Application Data\Avira
2009-05-11 14:43:10 . 2009-05-11 14:43:10 0 d-----w C:\Program Files\Avira
2009-05-08 21:45:22 . 2009-05-08 21:45:22 0 d-----w C:\_OTMoveIt
2009-05-08 16:25:16 . 2009-04-06 22:32:46 15504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2009-05-08 16:25:14 . 2009-04-06 22:32:54 38496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-05-08 16:25:12 . 2009-05-08 16:25:17 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-04-20 14:28:08 . 2009-05-11 17:04:03 0 d-----w C:\WINDOWS\system32\NtmsData
2009-04-17 20:48:51 . 2009-04-17 20:48:51 0 d--h--w C:\WINDOWS\system32\GroupPolicy
2009-04-17 04:34:09 . 2009-04-22 22:50:53 0 d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-17 04:34:09 . 2009-04-22 22:49:08 0 d-----w C:\Program Files\Spybot - Search & Destroy
2009-04-17 04:15:49 . 2009-04-17 04:15:49 0 d-----w C:\Program Files\Trend Micro
2009-04-15 14:29:04 . 2009-02-03 20:08:52 55808 ----a-w C:\WINDOWS\system32\dllcache\secur32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 14:52:37 . 2008-02-07 18:55:19 110704 ----a-w C:\Documents and Settings\mhenry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-22 15:09:40 . 2006-09-19 05:58:39 192398 ----a-w C:\WINDOWS\system32\nvModes.dat
2009-04-21 19:58:57 . 2008-02-08 23:30:59 138512 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2009-04-21 19:58:48 . 2008-02-08 23:30:52 201440 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2009-04-03 22:14:48 . 2008-02-06 19:38:20 0 d-----w C:\Program Files\Common Files\Adobe
2009-03-06 14:00:22 . 2004-08-04 08:00:00 284160 ----a-w C:\WINDOWS\system32\pdh.dll
2009-03-03 00:18:25 . 2004-08-04 08:00:00 826368 ----a-w C:\WINDOWS\system32\wininet.dll
2009-02-20 18:09:38 . 2004-08-04 08:00:00 78336 ----a-w C:\WINDOWS\system32\ieencode.dll
.


RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by mhenry at 2009-05-11 10:25:34
Microsoft Windows XP Professional Service Pack 2
System drive C: has 35 GB (37%) free of 95 GB
Total RAM: 3455 MB (87% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:37 AM, on 5/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\mhenry\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\mhenry.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://WLCIntranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PbAdminACAD] C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe /install_user
O4 - HKLM\..\Run: [MicroBrew] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://WLCIntranet
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O17 - HKLM\Software\..\Telephony: DomainName = wlc.wlcarchitects.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wlc.wlcarchitects.com
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Numara Remote Control Helper ver. 9.00 (2007058) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Numara Software\Remote\Host\NHOSTSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe

--
End of file - 11383 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-21 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 1003520]
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.exe [2006-01-16 126976]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 114799]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 831580]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 524288]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe []
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe []
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 262144]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-04 143360]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 693624]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1961984]
"PbAdminACAD"=C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe [2006-09-21 217088]
"MicroBrew"=C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe [2006-09-21 495616]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-06-13 127036]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2008-04-25 214336]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 1159168]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-26 8523776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1763840]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-31 39408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2217816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"Intellimenus"=1
"NoSMConfigurePrograms"=1
"NoBandCustomize"=1
"SpecifyDefaultButtons"=1
"Btn_Back"=1
"Btn_Forward"=1
"Btn_Stop"=1
"Btn_Refresh"=1
"Btn_Home"=1
"Btn_Search"=1
"Btn_Favorites"=1
"Btn_History"=2
"Btn_Media"=2
"Btn_Folders"=1
"Btn_Fullscreen"=2
"Btn_Tools"=1
"Btn_MailNews"=1
"Btn_Size"=2
"Btn_Print"=1
"Btn_Edit"=2
"Btn_Discussions"=1
"Btn_Cut"=2
"Btn_Copy"=1
"Btn_Paste"=1
"Btn_Encoding"=2
"NoDesktopCleanupWizard"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE"="C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE:*:Enabled:NetOp Host"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe"="C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe:*:Enabled:ipsec"
"C:\WINDOWS\Sminst\Recguard.exe"="C:\WINDOWS\Sminst\Recguard.exe:*:Enabled:ipsec"
"C:\WINDOWS\Creator\Remind_XP.exe"="C:\WINDOWS\Creator\Remind_XP.exe:*:Enabled:ipsec"
"C:\Program Files\CCleaner\CCleaner.exe"="C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe"="C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe:*:Enabled:ipsec"
"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\qlbPres.exe:*:Enabled:ipsec"
"C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe:*:Enabled:ipsec"
"C:\Program Files\HPQ\Default Settings\cpqset.exe"="C:\Program Files\HPQ\Default Settings\cpqset.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe:*:Enabled:ipsec"
"C:\TEMP\winyhck.exe"=""
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"="C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\AccelerometerSt.exe"="C:\WINDOWS\system32\AccelerometerSt.exe:*:Enabled:ipsec"
"C:\TEMP\evkmmj.exe"="C:\TEMP\evkmmj.exe:*:Enabled:ipsec"
"C:\TEMP\wingqrta.exe"="C:\TEMP\wingqrta.exe:*:Enabled:ipsec"
"C:\TEMP\ygrtjn.exe"="C:\TEMP\ygrtjn.exe:*:Enabled:ipsec"
"C:\TEMP\winnhmbb.exe"="C:\TEMP\winnhmbb.exe:*:Enabled:ipsec"
"C:\TEMP\winhjryyr.exe"="C:\TEMP\winhjryyr.exe:*:Enabled:ipsec"
"C:\TEMP\gqvhl.exe"="C:\TEMP\gqvhl.exe:*:Enabled:ipsec"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:ipsec"
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\nwiz.exe"="C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe:*:Enabled:ipsec"
"C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE"="C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE:*:Enabled:ipsec"
"C:\TEMP\oxpp.exe"="C:\TEMP\oxpp.exe:*:Enabled:ipsec"
"C:\TEMP\winbflogp.exe"="C:\TEMP\winbflogp.exe:*:Enabled:ipsec"
"C:\TEMP\xjgm.exe"="C:\TEMP\xjgm.exe:*:Enabled:ipsec"
"C:\TEMP\winugct.exe"="C:\TEMP\winugct.exe:*:Enabled:ipsec"
"C:\TEMP\winimtb.exe"="C:\TEMP\winimtb.exe:*:Enabled:ipsec"
"C:\TEMP\winjldwwf.exe"="C:\TEMP\winjldwwf.exe:*:Enabled:ipsec"
"C:\TEMP\winmpjj.exe"="C:\TEMP\winmpjj.exe:*:Enabled:ipsec"
"C:\TEMP\wlydg.exe"="C:\TEMP\wlydg.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winjygsnt.exe"="C:\WINDOWS\TEMP\NetOpTMP\winjygsnt.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\nhrcg.exe"="C:\WINDOWS\TEMP\NetOpTMP\nhrcg.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winrgkq.exe"="C:\WINDOWS\TEMP\NetOpTMP\winrgkq.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winousd.exe"="C:\WINDOWS\TEMP\NetOpTMP\winousd.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\bhrv.exe"="C:\WINDOWS\TEMP\NetOpTMP\bhrv.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\wineebk.exe"="C:\WINDOWS\TEMP\NetOpTMP\wineebk.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winwoxxh.exe"="C:\WINDOWS\TEMP\NetOpTMP\winwoxxh.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winqbrel.exe"="C:\WINDOWS\TEMP\NetOpTMP\winqbrel.exe:*:Enabled:ipsec"
"C:\TEMP\enjmfo.exe"="C:\TEMP\enjmfo.exe:*:Enabled:ipsec"
"C:\TEMP\winlgrss.exe"="C:\TEMP\winlgrss.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winigko.exe"="C:\WINDOWS\TEMP\NetOpTMP\winigko.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winykhv.exe"="C:\WINDOWS\TEMP\NetOpTMP\winykhv.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winyayxb.exe"="C:\WINDOWS\TEMP\NetOpTMP\winyayxb.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winojglvc.exe"="C:\WINDOWS\TEMP\NetOpTMP\winojglvc.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\ylyfvb.exe"="C:\WINDOWS\TEMP\NetOpTMP\ylyfvb.exe:*:Enabled:ipsec"
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\rysj.exe"="C:\WINDOWS\TEMP\NetOpTMP\rysj.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\eymwwo.exe"="C:\WINDOWS\TEMP\NetOpTMP\eymwwo.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\qpkpe.exe"="C:\WINDOWS\TEMP\NetOpTMP\qpkpe.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\mxccst.exe"="C:\WINDOWS\TEMP\NetOpTMP\mxccst.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winscylt.exe"="C:\WINDOWS\TEMP\NetOpTMP\winscylt.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winmeyy.exe"="C:\WINDOWS\TEMP\NetOpTMP\winmeyy.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"="C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe:*:Enabled:ipsec"
"C:\Program Files\Macromedia\FreeHand MXa\FreeHand MX.exe"="C:\Program Files\Macromedia\FreeHand MXa\FreeHand MX.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\winhjvwcx.exe"="C:\WINDOWS\TEMP\NetOpTMP\winhjvwcx.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\efkish.exe"="C:\WINDOWS\TEMP\NetOpTMP\efkish.exe:*:Enabled:ipsec"
"C:\WINDOWS\TEMP\NetOpTMP\mkwyvt.exe"="C:\WINDOWS\TEMP\NetOpTMP\mkwyvt.exe:*:Enabled:ipsec"
"C:\TEMP\winkokby.exe"="C:\TEMP\winkokby.exe:*:Enabled:ipsec"
"C:\TEMP\uqueny.exe"="C:\TEMP\uqueny.exe:*:Enabled:ipsec"
"C:\TEMP\jhbksp.exe"="C:\TEMP\jhbksp.exe:*:Enabled:ipsec"
"C:\TEMP\winsqaqs.exe"="C:\TEMP\winsqaqs.exe:*:Enabled:ipsec"
"C:\TEMP\windkojhp.exe"="C:\TEMP\windkojhp.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"="C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe:*:Enabled:ipsec"
"C:\TEMP\winkmbbf.exe"="C:\TEMP\winkmbbf.exe:*:Enabled:ipsec"
"C:\TEMP\rpllad.exe"="C:\TEMP\rpllad.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\WINDOWS\TIREMOTE\TIRemoteService.exe"="C:\WINDOWS\TIREMOTE\TIRemoteService.exe:*:Enabled:Track-It! Workstation Manager"
"C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE"="C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE:*:Enabled:NetOp Host"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Sierra\SWAT3EEDemo\swat.exe"="C:\Sierra\SWAT3EEDemo\swat.exe:*:Enabled:Swat 3 : Close Quarters Battle"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-05-11 10:25:34 ----D---- C:\rsit
2009-05-11 10:20:08 ----SHD---- C:\RECYCLER
2009-05-11 10:12:23 ----A---- C:\WINDOWS\PSEXESVC.EXE
2009-05-11 10:11:58 ----D---- C:\ComboFix
2009-05-11 10:11:58 ----A---- C:\WINDOWS\system32\CF28585.exe
2009-05-11 10:10:37 ----A---- C:\Boot.bak
2009-05-11 10:10:32 ----D---- C:\cmdcons
2009-05-11 10:08:16 ----A---- C:\WINDOWS\zip.exe
2009-05-11 10:08:16 ----A---- C:\WINDOWS\vFind.exe
2009-05-11 10:08:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-11 10:08:16 ----A---- C:\WINDOWS\SWSC.exe
2009-05-11 10:08:16 ----A---- C:\WINDOWS\SWREG.exe
2009-05-11 10:08:16 ----A---- C:\WINDOWS\sed.exe
2009-05-11 10:08:16 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-11 10:08:16 ----A---- C:\WINDOWS\grep.exe
2009-05-11 10:08:12 ----D---- C:\WINDOWS\ERDNT
2009-05-11 10:08:10 ----D---- C:\Qoobox
2009-05-11 07:43:10 ----D---- C:\Program Files\Avira
2009-05-11 07:43:10 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-05-08 14:45:22 ----D---- C:\_OTMoveIt
2009-05-08 14:43:20 ----RASHD---- C:\autorun.inf
2009-05-08 09:25:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-20 07:28:08 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-17 13:48:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-04-16 21:34:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-16 21:34:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-16 21:15:49 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2009-05-11 10:25:34 ----D---- C:\TEMP
2009-05-11 10:21:17 ----D---- C:\WINDOWS\Temp
2009-05-11 10:20:48 ----D---- C:\WINDOWS
2009-05-11 10:20:08 ----D---- C:\WINDOWS\Prefetch
2009-05-11 10:16:27 ----D---- C:\WINDOWS\SMINST
2009-05-11 10:15:53 ----A---- C:\WINDOWS\system.ini
2009-05-11 10:15:47 ----D---- C:\WINDOWS\system32
2009-05-11 10:15:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-11 10:15:13 ----D---- C:\WINDOWS\system32\drivers
2009-05-11 10:13:58 ----D---- C:\WINDOWS\system32\config
2009-05-11 10:13:21 ----D---- C:\WINDOWS\AppPatch
2009-05-11 10:13:20 ----D---- C:\Program Files\Common Files
2009-05-11 10:10:37 ----RASH---- C:\boot.ini
2009-05-11 10:09:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-11 07:50:12 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-05-11 07:43:17 ----HD---- C:\WINDOWS\inf
2009-05-11 07:43:10 ----D---- C:\Program Files
2009-05-11 07:41:55 ----SHD---- C:\WINDOWS\Installer
2009-05-11 07:41:55 ----D---- C:\WINDOWS\WinSxS
2009-05-08 09:40:52 ----D---- C:\Y Drive
2009-05-07 15:21:16 ----D---- C:\Documents and Settings\mhenry\Application Data\Adobe
2009-05-07 07:21:56 ----D---- C:\WINDOWS\system32\LogFiles
2009-04-30 19:00:00 ----D---- C:\WINDOWS\security
2009-04-24 07:58:45 ----SHD---- C:\WINDOWS\CSC
2009-04-21 12:58:48 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-04-20 08:37:01 ----SD---- C:\WINDOWS\Tasks
2009-04-20 08:11:17 ----D---- C:\WINDOWS\Debug
2009-04-16 15:18:11 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-04-15 19:46:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 19:42:05 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 08:05:33 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 08:05:20 ----D---- C:\WINDOWS\system32\en-us
2009-04-15 08:05:20 ----D---- C:\Program Files\Internet Explorer
2009-04-15 08:04:14 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 NHostNT1;Numara Remote Control Driver 1 ver. 9.00 (2007058); C:\WINDOWS\System32\Drivers\NHOSTNT1.SYS [2007-02-27 92432]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-01-29 13059]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\pnnim.sys []
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-10 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-03 178176]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-01-12 142720]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
R3 catchme;catchme; \??\C:\TEMP\catchme.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-01-29 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-01-29 201600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NHOSTNT3;Numara Remote Control Driver 3 ver. 9.00 (2007058) (NHOSTNT3); C:\WINDOWS\System32\Drivers\NHOSTNT3.SYS [2007-02-27 3216]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-26 7433472]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-01-29 718464]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-02-15 258103]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-07-20 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NetOp Host for NT Service;Numara Remote Control Helper ver. 9.00 (2007058); C:\Program Files\Numara Software\Remote\Host\NHOSTSVC.EXE [2007-02-27 1499408]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-26 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-08 66872]
R2 TIRmtSvc;Track-It! Workstation Manager; C:\WINDOWS\TIREMOTE\TIRemoteService.exe [2008-01-02 212480]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2004-08-04 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2004-08-04 117248]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 995328]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 227520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-02-06 148088]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-06 724480]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 256496]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 139264]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-02-07 137728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Thanks again for your help.

#10 sundavis

  • Malware Response Team
Posted 11 May 2009 - 12:42 PM

Hi MZK39,


The Combofix log is not a complete one. Can you post that again? Thanks.

#11 MZK39

  • Topic Starter
Posted 11 May 2009 - 03:37 PM

Sundavis,

Sorry about that.

Combo Fix Log:

ComboFix 09-05-10.07 - mhenry 05/11/2009 13:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3455.2954 [GMT -7:00]
Running from: c:\documents and settings\mhenry\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mhenry\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated)

FILE ::
c:\temp\enjmfo.exe
c:\temp\evkmmj.exe
c:\temp\gqvhl.exe
c:\temp\jhbksp.exe
c:\temp\oxpp.exe
c:\temp\rpllad.exe
c:\temp\uqueny.exe
c:\temp\winbflogp.exe
c:\temp\windkojhp.exe
c:\temp\wingqrta.exe
c:\temp\winhjryyr.exe
c:\temp\winimtb.exe
c:\temp\winjldwwf.exe
c:\temp\winkmbbf.exe
c:\temp\winkokby.exe
c:\temp\winlgrss.exe
c:\temp\winmpjj.exe
c:\temp\winnhmbb.exe
c:\temp\winsqaqs.exe
c:\temp\winugct.exe
c:\temp\winyhck.exe
c:\temp\wlydg.exe
c:\temp\xjgm.exe
c:\temp\ygrtjn.exe
c:\windows\system32\drivers\pnnim.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\NetOpTMP
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\lsprst7.dll
c:\windows\system32\regsvr32.dll
c:\windows\system32\ssprs.dll
c:\windows\TEMP\NetOpTMP

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-11 20:31 . 2009-05-11 20:31 -------- d-----w c:\temp\00025625_Rar
2009-05-11 20:31 . 2009-05-11 20:31 -------- d-----w c:\temp\WPDNSE
2009-05-11 20:27 . 2009-05-11 20:27 60416 ----a-w c:\temp\Perflib_Perfdata__755.dat
2009-05-11 20:03 . 2009-05-11 20:27 -------- d-----w c:\temp\008A5E0E_Rar
2009-05-11 17:21 . 2009-05-11 17:21 -------- d-----w c:\temp\Google Toolbar
2009-05-11 17:11 . 2009-05-11 17:11 466432 ----a-w c:\windows\system32\CF28585.exe
2009-05-11 17:03 . 2009-05-11 17:03 -------- d-----w c:\temp\BTN%Copy%1
2009-05-11 14:52 . 2009-05-11 20:31 -------- d-----w c:\temp\Bluebeam Software
2009-05-11 14:43 . 2009-03-24 23:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-11 14:43 . 2009-05-11 14:43 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-11 14:43 . 2009-05-11 14:43 -------- d-----w c:\program files\Avira
2009-05-08 21:45 . 2009-05-08 21:45 -------- d-----w C:\_OTMoveIt
2009-05-08 16:25 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-08 16:25 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 16:25 . 2009-05-08 16:25 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 14:28 . 2009-05-11 20:29 -------- d-----w c:\windows\system32\NtmsData
2009-04-17 20:48 . 2009-04-17 20:48 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-17 04:34 . 2009-04-22 22:50 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-17 04:34 . 2009-04-22 22:49 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-17 04:15 . 2009-04-17 04:15 -------- d-----w c:\program files\Trend Micro
2009-04-15 14:29 . 2009-02-03 20:08 55808 ----a-w c:\windows\system32\dllcache\secur32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 19:57 . 2008-02-07 00:49 -------- d-----w c:\program files\DWG TrueView 2008
2009-05-11 19:57 . 2008-02-07 00:52 -------- d-----w c:\program files\Common Files\Repro Desk
2009-05-11 14:52 . 2008-02-07 18:55 110704 ----a-w c:\documents and settings\mhenry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-22 15:09 . 2006-09-19 05:58 192398 ----a-w c:\windows\system32\nvModes.dat
2009-04-21 19:58 . 2008-02-08 23:30 138512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-21 19:58 . 2008-02-08 23:30 201440 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-03 22:14 . 2008-02-06 19:38 -------- d-----w c:\program files\Common Files\Adobe
2009-03-06 14:00 . 2004-08-04 08:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 08:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 08:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1763840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-31 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2217816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 1003520]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 114799]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 831580]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 524288]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 131072]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 262144]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 693624]
"PbAdminACAD"="c:\program files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe" [2006-09-22 217088]
"MicroBrew"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe" [2006-09-22 495616]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-04-25 214336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 1159168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-26 8523776]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-26 1835008]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2007-07-06 177152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 659517]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-2-6 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoBandCustomize"= 1 (0x1)
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Back"= 1 (0x1)
"Btn_Forward"= 1 (0x1)
"Btn_Stop"= 1 (0x1)
"Btn_Refresh"= 1 (0x1)
"Btn_Home"= 1 (0x1)
"Btn_Search"= 1 (0x1)
"Btn_Favorites"= 1 (0x1)
"Btn_History"= 2 (0x2)
"Btn_Media"= 2 (0x2)
"Btn_Folders"= 1 (0x1)
"Btn_Fullscreen"= 2 (0x2)
"Btn_Tools"= 1 (0x1)
"Btn_MailNews"= 1 (0x1)
"Btn_Size"= 2 (0x2)
"Btn_Print"= 1 (0x1)
"Btn_Edit"= 2 (0x2)
"Btn_Discussions"= 1 (0x1)
"Btn_Cut"= 2 (0x2)
"Btn_Copy"= 1 (0x1)
"Btn_Paste"= 1 (0x1)
"Btn_Encoding"= 2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=RevitUpdate-RC.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\1]
"Script"=AutoCADUpdate-RC.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Numara Software\\Remote\\Host\\NHSTW32.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\Creator\\Remind_XP.exe"=
"c:\\Program Files\\Common Files\\Bluebeam Software\\Brewery\\V45\\Printer Support\\MicroBrew2.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\qlbPres.exe"=
"c:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\AcroDist.exe"=
"c:\\WINDOWS\\system32\\AccelerometerSt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"=
"c:\\PROGRA~1\\HPQ\\Shared\\HPQTOA~1.EXE"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\Common Files\\Macromedia Shared\\Service\\Macromedia Licensing.exe"=
"c:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 NHostNT1;Numara Remote Control Driver 1 ver. 9.00 (2007058);c:\windows\system32\drivers\NHOSTNT1.SYS [2/12/2008 4:20 PM 92432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/11/2009 7:43 AM 108289]
R2 NetOp Host for NT Service;Numara Remote Control Helper ver. 9.00 (2007058);c:\program files\Numara Software\Remote\Host\NHOSTSVC.EXE [2/12/2008 4:20 PM 1499408]
R2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2/12/2008 4:20 PM 212480]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [9/18/2006 10:55 PM 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 6:26 AM 35968]
R3 NHOSTNT3;Numara Remote Control Driver 3 ver. 9.00 (2007058) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [2/12/2008 4:20 PM 3216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cpqset - c:\program files\HPQ\Default Settings\cpqset.exe
HKLM-Run-Recguard - c:\windows\Sminst\Recguard.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://WLCIntranet/
uInternet Settings,ProxyServer = 192.168.0.2:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 13:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:53,ee,09,b8,cc,cb,27,a6,10,aa,c9,22,f9,f9,88,13,41,77,d0,c2,c7,
3b,20,47,dd,dd,4b,c5,4c,d7,e8,cd,b5,9a,f6,f1,b2,e6,4d,ff,09,f3,2b,1f,4e,df,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:53,ee,09,b8,cc,cb,27,a6,10,aa,c9,22,f9,f9,88,13,41,77,d0,c2,c7,
3b,20,47,dd,dd,4b,c5,4c,d7,e8,cd,b5,9a,f6,f1,b2,e6,4d,ff,09,f3,2b,1f,4e,df,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1516)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\windows\system32\msdtc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Numara Software\Remote\Host\NHSTW32.EXE
c:\program files\Numara Software\Remote\Host\nldrw32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
.
**************************************************************************
.
Completion time: 2009-05-11 13:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-11 20:34

Pre-Run: 36,992,258,048 bytes free
Post-Run: 36,988,018,688 bytes free

281 --- E O F --- 2009-05-01 15:02

#12 MZK39


Posted 11 May 2009 - 03:54 PM

Hi Sundavis,

I also ran a scan with Avira which detected multiple copies of these 2 viruses:

W32/Cholera Windows virus
W32/Cholera.3 Windows virus

Also multiples of:

TR/Dropper.Gen Trojan
TR/Crypt.TPM.Gen Trojan

393 objects quarantined.

#13 sundavis

  • Malware Response Team

Posted 11 May 2009 - 06:35 PM

Hi MZK39,




Step1

Please disable Spybot S&D's protection, or it will interfere.
  • You can enable it after you're clean.
  • Open Spybot and click on 'Mode' and check 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
  • Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  • Click the 'Allow Change' box.
  • Then, check next to the computer clock to see if the icon for Spybot is still there.
  • If it is, right click it and choose 'exit Spybot-S&D Resident'.
  • Restart the computer.
  • If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
  • http://www.russelltexas.com/malware/teatimer.htm
Step2
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
c:\temp\00025625_Rar
c:\temp\008A5E0E_Rar
c:\temp\BTN%Copy%1

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegedit"=-
"DisableTaskMgr"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"UacDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step3

Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from Here
Double-click FixPolicies.exe.
Click the "Install" button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box will briefly appear and then close. This will enable your Control Panel and stop the Administrative warnings, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like. A permanent fix requires removing the infection.


Step4

Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 13...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) the following Java Runtime Environment (JRE or J2SE) in the name, and the following update:
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.

Step5

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step6

Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will be Downloading and installing the program and Updating the database.
  • When Updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file as "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.

1. Combofix log
2. KAS Scan Report
3. Fresh RIST log (Before running RIST, delete the folder in C:\rist)

Tell me how your pc is running now.
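
A way to triage the policy, Security Center and firewall values that the ComboFix log reports and that Steps 2 and 3 above reset, shown as an added example that is not part of the original post or of ComboFix. The sample text is constructed in the log's layout, and the function names and finding labels are assumptions.

```python
import re

# Constructed sample in the layout of a ComboFix "Reg Loading Points" section.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# The log prints numeric values in two layouts:
#   "Name"= 1 (0x1)          and          "Name"=dword:00000001
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*'
    r'(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s+\(0x[0-9a-fA-F]+\))\s*$'
)

# Policy values that lock the user out of Task Manager and the registry editor.
LOCKOUT_VALUES = {'DisableTaskMgr', 'DisableRegistryTools'}


def parse_numeric_values(text):
    """Yield (key, name, value) for each numeric value under a [key] header.

    Non-numeric values (paths, port descriptions) are skipped.
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group('key').lower()
            continue
        value = VALUE_RE.match(line)
        if value and key:
            if value.group('hex'):
                number = int(value.group('hex'), 16)
            else:
                number = int(value.group('dec'))
            yield key, value.group('name'), number


def audit(text):
    """Return (value name, finding) pairs for settings that weaken the host."""
    findings = []
    for key, name, value in parse_numeric_values(text):
        if key.endswith(r'\policies\system'):
            if name in LOCKOUT_VALUES and value != 0:
                findings.append((name, 'admin tool disabled by policy'))
        elif key.endswith((r'\security center', r'\security center\svc')):
            if name.endswith(('Override', 'DisableNotify')) and value != 0:
                findings.append((name, 'Security Center alert suppressed'))
        elif key.endswith(r'\firewallpolicy\standardprofile'):
            if name == 'EnableFirewall' and value == 0:
                findings.append((name, 'Windows Firewall disabled'))
    return findings


if __name__ == '__main__':
    for name, finding in audit(SAMPLE_LOG):
        print(f'{name}: {finding}')
```

Running the same check on the log taken before and after a fix shows whether the values stayed reset or were set again.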

#14 MZK39


Posted 13 May 2009 - 10:24 AM

Hi Sundavis,

Combofix Log:

ComboFix 09-05-10.07 - mhenry 05/12/2009 13:32.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3455.2884 [GMT -7:00]
Running from: e:\fix 5 12 2009\ComboFix.exe
Command switches used :: c:\documents and settings\mhenry\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated)

FILE ::
c:\temp\00025625_Rar
c:\temp\008A5E0E_Rar
c:\temp\BTN%Copy%1
.

((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-12 20:33 . 2009-05-12 20:33 53248 ----a-w c:\temp\catchme.dll
2009-05-12 20:32 . 2009-05-12 20:32 -------- d-----w c:\temp\WPDNSE
2009-05-12 20:25 . 2009-05-12 20:25 16384 ----atw c:\temp\Perflib_Perfdata_12c.dat
2009-05-12 16:03 . 2009-05-12 20:29 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-11 23:19 . 2009-05-11 23:26 -------- d-----w c:\program files\Exterminate It!
2009-05-11 14:52 . 2009-05-12 20:19 -------- d-----w c:\temp\Bluebeam Software
2009-05-11 14:43 . 2009-03-24 23:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-11 14:43 . 2009-05-11 14:43 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-11 14:43 . 2009-05-11 14:43 -------- d-----w c:\program files\Avira
2009-05-08 16:25 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-08 16:25 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 16:25 . 2009-05-08 16:25 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 14:28 . 2009-05-12 20:14 -------- d-----w c:\windows\system32\NtmsData
2009-04-17 20:48 . 2009-04-17 20:48 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-17 04:34 . 2009-05-12 15:11 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-17 04:34 . 2009-05-12 15:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-17 04:15 . 2009-04-17 04:15 -------- d-----w c:\program files\Trend Micro
2009-04-15 14:29 . 2009-02-03 20:08 55808 ----a-w c:\windows\system32\dllcache\secur32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 20:04 . 2008-02-07 17:13 -------- d-----w c:\program files\Macromedia
2009-05-12 20:04 . 2008-02-06 16:05 -------- d-----w c:\program files\Google
2009-05-12 20:02 . 2008-02-08 19:36 -------- d-----w c:\program files\Common Files\AVSMedia
2009-05-11 19:57 . 2008-02-07 00:49 -------- d-----w c:\program files\DWG TrueView 2008
2009-05-11 19:57 . 2008-02-07 00:52 -------- d-----w c:\program files\Common Files\Repro Desk
2009-05-11 14:52 . 2008-02-07 18:55 110704 ----a-w c:\documents and settings\mhenry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-22 15:09 . 2006-09-19 05:58 192398 ----a-w c:\windows\system32\nvModes.dat
2009-04-21 19:58 . 2008-02-08 23:30 138512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-21 19:58 . 2008-02-08 23:30 201440 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-03 22:14 . 2008-02-06 19:38 -------- d-----w c:\program files\Common Files\Adobe
2009-03-06 14:00 . 2004-08-04 08:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 08:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 08:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-11_20.31.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 1998-10-29 18:45 . 1998-10-30 00:45 376320 c:\windows\IsUninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1763840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 1003520]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 831580]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 524288]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 131072]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 262144]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 693624]
"PbAdminACAD"="c:\program files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe" [2006-09-22 217088]
"MicroBrew"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe" [2006-09-22 495616]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-04-25 214336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 1159168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-26 8523776]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-26 1835008]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2007-07-06 177152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 659517]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-2-6 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoBandCustomize"= 1 (0x1)
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Back"= 1 (0x1)
"Btn_Forward"= 1 (0x1)
"Btn_Stop"= 1 (0x1)
"Btn_Refresh"= 1 (0x1)
"Btn_Home"= 1 (0x1)
"Btn_Search"= 1 (0x1)
"Btn_Favorites"= 1 (0x1)
"Btn_History"= 2 (0x2)
"Btn_Media"= 2 (0x2)
"Btn_Folders"= 1 (0x1)
"Btn_Fullscreen"= 2 (0x2)
"Btn_Tools"= 1 (0x1)
"Btn_MailNews"= 1 (0x1)
"Btn_Size"= 2 (0x2)
"Btn_Print"= 1 (0x1)
"Btn_Edit"= 2 (0x2)
"Btn_Discussions"= 1 (0x1)
"Btn_Cut"= 2 (0x2)
"Btn_Copy"= 1 (0x1)
"Btn_Paste"= 1 (0x1)
"Btn_Encoding"= 2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=RevitUpdate-RC.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\1]
"Script"=AutoCADUpdate-RC.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Numara Software\\Remote\\Host\\NHSTW32.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\Creator\\Remind_XP.exe"=
"c:\\Program Files\\Common Files\\Bluebeam Software\\Brewery\\V45\\Printer Support\\MicroBrew2.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\qlbPres.exe"=
"c:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\AcroDist.exe"=
"c:\\WINDOWS\\system32\\AccelerometerSt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"=
"c:\\PROGRA~1\\HPQ\\Shared\\HPQTOA~1.EXE"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\Common Files\\Macromedia Shared\\Service\\Macromedia Licensing.exe"=
"c:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 NHostNT1;Numara Remote Control Driver 1 ver. 9.00 (2007058);c:\windows\system32\drivers\NHOSTNT1.SYS [2/12/2008 4:20 PM 92432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/11/2009 7:43 AM 108289]
R2 NetOp Host for NT Service;Numara Remote Control Helper ver. 9.00 (2007058);c:\program files\Numara Software\Remote\Host\NHOSTSVC.EXE [2/12/2008 4:20 PM 1499408]
R2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [2/12/2008 4:20 PM 212480]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\pnnim.sys --> c:\windows\system32\drivers\pnnim.sys [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [9/18/2006 10:55 PM 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 6:26 AM 35968]
R3 NHOSTNT3;Numara Remote Control Driver 3 ver. 9.00 (2007058) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [2/12/2008 4:20 PM 3216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ABP470N5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1023ad56-ef0f-11dc-ae77-0016d4a4360f}]
\SHelL\AUTOPLay\cOMmand - D:\aisxu.exe
\SHelL\AutoRun\command - D:\aisxu.exe
\SHelL\explORe\COmMaNd - D:\aisxu.exe
\SHelL\open\COmMand - D:\aisxu.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://WLCIntranet/
uInternet Settings,ProxyServer = 192.168.0.2:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 13:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:53,ee,09,b8,cc,cb,27,a6,10,aa,c9,22,f9,f9,88,13,41,77,d0,c2,c7,
3b,20,47,dd,dd,4b,c5,4c,d7,e8,cd,b5,9a,f6,f1,b2,e6,4d,ff,09,f3,2b,1f,4e,df,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:53,ee,09,b8,cc,cb,27,a6,10,aa,c9,22,f9,f9,88,13,41,77,d0,c2,c7,
3b,20,47,dd,dd,4b,c5,4c,d7,e8,cd,b5,9a,f6,f1,b2,e6,4d,ff,09,f3,2b,1f,4e,df,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(972)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(1528)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-12 13:34
ComboFix-quarantined-files.txt 2009-05-12 20:34
ComboFix2.txt 2009-05-12 15:53
ComboFix3.txt 2009-05-11 20:34

Pre-Run: 44,318,015,488 bytes free
Post-Run: 44,303,544,320 bytes free

232 --- E O F --- 2009-05-01 15:02

#15 MZK39


Posted 13 May 2009 - 10:31 AM

KAS Scan Report Part 1:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 12, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 12, 2009 22:43:44
Records in database: 2169442
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
E:\
F:\
L:\
M:\
N:\
O:\
P:\
Q:\
R:\
S:\
V:\

Scan statistics:
Files scanned: 298961
Threat name: 4
Infected objects: 3969
Suspicious objects: 0
Duration of the scan: 04:14:44


File name / Threat name / Threats count
C:\Program Files\Microsoft Office\Office12\Oice.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Microsoft Office\Office12\PPCNVCOM.EXE Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Microsoft Silverlight\slup.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Mil Incorporated\Mil Shield\Uninstaller.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Network Associates\System Compliance Profiler\PatchScanInstaller.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Network Associates\System Compliance Profiler\PtchScan.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Numara Software\Remote\Host\NHSTW32.EXE Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Numara Software\Remote\Host\RMServerConsoleMediator.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvpd.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvunin.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Oce\Publisher\Publisher.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\QuickTime\PictureViewer.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\QuickTime\QTInfo.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\QuickTime\QTSystem\ExportController.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\QuickTime\QTTask.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\QuickTime\QuickTimePlayer.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\MyDVD.EXE Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\MyDVDReg.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\RDC.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sonic\DLA\install\dlactrlw.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sonic\DLA\install\dladiagsetup.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sonic\Express Labeler 2\stax.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\Announce\SPUAnnounce.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\AVCHDAuthor\SPUAVCHDAuthor.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\AVCHDAuthor\SPUAVCHDUDF.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\AVCHDAuthor\SPUMPThumb.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\AVCHDPlayer\SPUAVCHDPlayer.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\Browser\SPUBrowser.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\Browser\SPUMPThumb.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\DVDAuthor\SPUDVDAuthor.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\DVDAuthor\SPUMPThumb.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\Importer\DCF\SPUDCFImporter.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\Importer\DCF\SPUMPThumb.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\Importer\Disc\SPUDiscImporter.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\Importer\Disc\SPUDiscImporterLauncher.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\InitTool\SPUInit.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\InitTool\SPULocaleSetting.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\Mapview\SPUMapview.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\Shared2\DrpGeneralObject.dll Infected: Trojan.Win32.Patched.fa 1
C:\Program Files\Sony\Sony Picture Utility\Shared2\SPUContentPreview.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\VideoConversion2\SPUVideoConversion.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\VideoDiscCopier\SPUMPThumb.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\VideoDiscCopier\SPUVideoDiscCopier.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\VideoTrimming\SPUVideoTrimming.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Spybot - Search & Destroy\YHYCPEWVHNT.scr Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Synaptics\SynTP\Media\InstNT.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Synaptics\SynTP\Media\Setup.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Synaptics\SynTP\Media\SynMood.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Synaptics\SynTP\SynZMetr.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Synaptics\SynTP\Tutorial.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Trend Micro\HijackThis\mhenry.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\WIDCOMM\Bluetooth Software\bin\BcbtRmv_1.7.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\WIDCOMM\Bluetooth Software\bin\BtDfuWizard.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\WIDCOMM\Bluetooth Software\gzip.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Windows Media Player\wmdbexport.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Windows Media Player\wmlaunch.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Windows Media Player\wmpnetwk.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Windows Media Player\wmpnscfg.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Windows Media Player\wmpshare.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\Windows Media Player\wmsetsdk.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\WinRAR\Rar.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\WinRAR\RarExtLoader.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\WinRAR\Uninstall.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\WinRAR\UnRAR.exe Infected: Virus.Win32.Sality.ae 1
C:\Program Files\WinRAR\WinRAR.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Adobe\instmsia.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Adobe\instmsiw.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\AppInstl\US\Disk1\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\audio\DevSetup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\audio\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\audio\SMax4PNP.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\audio\SMAXWDM\W2K_XP\SMax4PNP.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\audio\SM_Micro\Wizards\SMWizard.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\audio\SM_Panel\Sys\SMax4.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\BIOSCFG\Disk1\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\BrandIT\Disk1\Brandit.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\BrandIT\Disk1\Google_toolbar_ALL_EN_AU-01.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\BrandIT\Disk1\Google_toolbar_ALL_EN_GB-01.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\BrandIT\Disk1\My PC Essentials\Essentials.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\BrandIT\Disk1\NetSafe\netsafe.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\BrandIT\Disk1\Warranty\DA\splash.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\BrandIT\Disk1\Warranty\DE\splash.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\BrandIT\Disk1\Warranty\FI\splash.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\BrandIT\Disk1\Warranty\NL\splash.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\BrandIT\Disk1\Warranty\SV\splash.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Btooth\Inst.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Btooth\instmsia.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Btooth\instmsiw.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Btooth\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Btooth\TZ\instmsia.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Btooth\TZ\instmsiw.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Btooth\TZ\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\CHIPSET\Setup\Setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\credman\Disk1\instmsiw.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\credman\Disk1\Program Files\HPQ\IAM\Bin\asghost.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\credman\Disk1\Program Files\HPQ\IAM\Bin\ASPanel.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\credman\Disk1\Program Files\HPQ\IAM\Bin\LDIF2REG.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Default\Disk1\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\DNetSP1\NDPSP.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\DotNet1\dotnetfx.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\DVD\3rdPartyApp\aspiinst.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\DVD\3rdPartyApp\atl.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\DVD\Setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\instmsia.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\instmsiw.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\program files\ProtectTools\Embedded Security Software\PSDrt.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\program files\ProtectTools\Embedded Security Software\SpBackupWz.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\program files\ProtectTools\Embedded Security Software\SpMigWz.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\program files\ProtectTools\Embedded Security Software\SpMUIHlp.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\program files\ProtectTools\Embedded Security Software\SpP12Wz.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\program files\ProtectTools\Embedded Security Software\SpPwdResetWz.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\program files\ProtectTools\Embedded Security Software\SpTNA.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\program files\ProtectTools\Embedded Security Software\SpTPMWz.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\program files\ProtectTools\Embedded Security Software\SpUpgrade.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESPtools\Disk1\program files\ProtectTools\Embedded Security Software\SpUserWz.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESUXP\SEDInstaller\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ESUXP\US\Disk1\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\GGLTB\FC\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\GGLTB\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Guides\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\HDD\F6flpy32.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\HPMDP\Disk1\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\HPRMA\SP31232.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\hptool\Disk1\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\HSC\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\CDStart.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\NAV\External\CommonFi\SYMSHARE\SMNLnch.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\NAV\External\NORTON\APP\NavShcom.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\NAV\External\NORTON\APP\NAVStub.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\NAV\External\NORTON\APP\qconsole.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\NAV\External\NORTON\ccIMScn.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\NAV\External\NORTON\CfgWiz.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\NAV\External\NORTON\OPScan.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\NAV\Omigrate.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\asCore\AntiSpam\EudoHelp.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\ISCommon\APP\AlertAst.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\ISCommon\APP\ALEScan.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\ISCommon\APP\ccPwdSvc.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\ISCommon\APP\HNetWiz.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\ISCommon\ccEmFlSv.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\PControl\APP\PCWiz.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\Setup\AntiSpam\EudoHelp.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\Setup\APP\comHost.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\SymLT\CfgWiz.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\SymLT\SYMSHARE\DRMLFC.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\SymLT\SYMSHARE\SMNLnch.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\SymLT\SYMSHARE\SSAutoRN.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Setup\SymLT\WebReg.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\ccCommon\ccCommon\ccLgView.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\FRE\FREUpdt.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\LUpdate\LUSetup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\NISTools\ISRlRstr.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\NSC\NSCCore\SCenter\SYMSCUI.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\NSC\NSCCore\SecCon\NSCSRVCE.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\SPBBC\SPBBC\SYMSHARE\SPBBC\UPDMGR.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\SymLnch\SymLnch.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\SymNet\SymNet\SYMSHARE\SNDInst.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\SymNet\SymNet\SYMSHARE\SNDSrvc.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\SymSC\SYMWMIAV\SymSC\UsrPrmpt.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\SymSC\SYMWMIIS\SymSC\UsrPrmpt.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\Support\URLList\URLList.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\InetSec06\SymSetup.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Misc3\Base\instmsiw.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Misc3\Base\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Misc3\uminst.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Modem\agrsmdel.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Modem\AGRSMMsg.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Modem\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\MPrint\hpboid.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\MPrint\hpbpro.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\MPrint\hpnra.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\MPrint\hpzinw12.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\MPrint\hpzipm12.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\MSUAA\Disk1\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\MultWlan\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Network\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\ProdTour\Setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\QLB\Disk1\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\INS9XMSI.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\INSNTMSI.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\CONTENT.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\IMGCHS.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\IMGESN.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\IMGFIN.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\IMGFRA.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\IMGITA.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\IMGKOR.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\IMGPTB.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\IMGPTG.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\IMGSVE.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\TUTCHS.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\TUTCHT.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\TUTDAN.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\TUTDEU.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\TUTENU.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\TUTFIN.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\TUTFRA.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\TUTPTG.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\MYDVD_62\BIN\TUTSVE.EXE Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\SC_AUDIO_206\BIN\MRating.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\SC_COPY_206\BIN\MRating.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\SC_DATA_206\BIN\MRating.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SDMPL\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SFT\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SFT\Update\sminst\Scheduler.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\SmartC\Disk1\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Touchpad\Setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Touchpad\SynTPEnh.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\Touchpad\SynZMetr.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\VID1\nvudisp.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\VID1\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\WLAN\Broadcom\bcmwls32.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\WLAN\Broadcom\bcmwlu00.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\WLAN\Broadcom\is.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\WLAN\Broadcom\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\WLAN\Intel-3945\DPInst.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\WLAN\Intel-3945\iProDifX.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\WLAN\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\WLASST\Disk1\setup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\WMCNT\US\WMCSetup.exe Infected: Virus.Win32.Sality.ae 1
C:\SwSetup\WMP10\US\mp10setup.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023031.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023033.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023035.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023038.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023039.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023042.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023047.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023048.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023049.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023051.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023052.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023063.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023065.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023066.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023067.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023068.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023069.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023073.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023074.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023086.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023089.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023090.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023091.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023092.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023093.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023097.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023098.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023100.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023101.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023103.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023104.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023105.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023106.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023107.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023108.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023109.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023110.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023111.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023112.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023153.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023201.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023296.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023298.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023299.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023309.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023314.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023315.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023317.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023318.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023319.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023323.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023324.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023326.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023327.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023340.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023343.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023344.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023345.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023346.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023347.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023351.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023352.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023356.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023358.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP128\A0023359.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023815.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023816.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023817.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023818.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023819.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023820.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023821.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023822.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023823.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023829.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023831.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023832.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023833.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023839.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023840.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023846.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023847.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023848.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023849.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023852.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023853.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023854.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023855.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023856.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023857.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023858.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023860.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023861.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023862.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023863.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023865.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023866.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023867.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023868.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023869.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023870.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023871.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023872.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023873.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023874.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023875.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023878.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023880.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023881.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023882.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023883.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023889.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023890.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023891.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023892.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023893.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023894.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023895.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023896.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023897.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023898.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023899.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023900.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023901.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023903.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023904.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023905.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023906.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023907.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023908.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023909.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023910.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023911.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023912.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023913.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023914.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023915.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023916.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023917.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023918.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023919.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023920.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023921.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023930.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023935.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023994.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023996.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0023997.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024040.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024041.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024042.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024046.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024048.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024050.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024051.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024053.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024055.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024056.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024057.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024069.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024070.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024072.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024073.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024074.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024078.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024080.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024082.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024083.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024084.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024086.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024087.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024088.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024089.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024090.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024091.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024092.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024093.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024104.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024105.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024106.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024107.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024108.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024109.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024113.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024115.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024116.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024118.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024121.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024122.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024124.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0024125.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025104.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025105.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025106.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025107.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025108.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025112.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025113.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025115.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025117.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025118.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025129.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025130.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025132.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025133.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025134.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025138.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025140.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025141.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025142.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025145.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025146.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025147.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025149.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025152.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025153.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025155.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025156.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025157.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025158.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025579.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0025845.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0036043.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038808.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038809.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038810.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038811.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038812.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038814.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038815.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038816.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038818.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038819.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038820.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038822.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038823.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038824.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038825.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038826.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038829.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038886.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038887.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038890.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038891.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038892.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038893.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038894.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038895.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038897.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038898.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038899.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038900.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038902.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038916.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038918.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038919.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038920.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038921.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038922.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038924.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP131\A0038925.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038934.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038935.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038936.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038938.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038939.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038940.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038941.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038942.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038943.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038945.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038947.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038948.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038950.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038951.EXE Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038952.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038954.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038955.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038956.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038957.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038958.exe Infected: Virus.Win32.Sality.ae 1
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP132\A0038959.exe Infected: Virus.Win32.Sality.ae 1



