jimbohemian

  1. After inadvertently backing up some .exe files and redoing the whole format again, I am virus free. Thanks, Blade81, for all the help.
  2. I should be able to save .exe files on my external drive though. Are you saying I shouldn't or can't? I was hoping to save the folders from the Program files onto my external drive and drag and drop back onto my C drive when done reformatting. Is that not a good idea? Most programs I can re-install via disk after I'm done, I'm just curious about how I should do it.
  3. Hi, I have a Seagate external HDD, not a flash drive. This would be alright to use to park my files on until I can reformat and re-install programs, wouldn't it?
  4. Also, how does this type of infection affect my computer and its security? Is it more of a nuisance or is it a serious threat?
  5. So in this situation how would I go about doing that? Save and move files to another external drive and reformat my hard drive and then re-install my programs and such?
  6. Here's the KAS report:

     KASPERSKY ONLINE SCANNER 7.0: scan report
     Wednesday, February 10, 2010
     Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Thursday, February 11, 2010 00:00:47
     Records in database: 3470642

     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes

     Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\

     Scan statistics:
     Objects scanned: 107413
     Threats found: 18
     Infected objects found: 1570
     Suspicious objects found: 0
     Scan duration: 02:15:04
C:\Program Files\Microsoft Office\Office\SELFCERT.EXE Infected: Virus.Win32.Sality.l 1 C:\Program Files\Microsoft Office\Office\SETLANG.EXE Infected: Virus.Win32.Sality.l 1 C:\Program Files\Microsoft Office\Office\UNPACK.EXE Infected: Virus.Win32.Sality.l 1 C:\Program Files\Microsoft Office\Office\WINWORD.EXE Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles\copymar.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles\install\msnsusii.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles\msn.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles\pisynctw.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles\Setup\msnunin.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles\update.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles\updater.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles.BAK.{FEC69D39-ADBA-4928-98F0-3571AA97ABDF}\copymar.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles.BAK.{FEC69D39-ADBA-4928-98F0-3571AA97ABDF}\Install\msnsusii.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles.BAK.{FEC69D39-ADBA-4928-98F0-3571AA97ABDF}\msn.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles.BAK.{FEC69D39-ADBA-4928-98F0-3571AA97ABDF}\pisynctw.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles.BAK.{FEC69D39-ADBA-4928-98F0-3571AA97ABDF}\Setup\msnunin.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNCoreFiles.BAK.{FEC69D39-ADBA-4928-98F0-3571AA97ABDF}\update.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNIA\msniasvc.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MSNIA\prestp.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MsnInstaller\msniadm.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MsnInstaller\msninst.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\MSN\MsnInstaller\msniusr.exe 
Infected: Virus.Win32.Sality.l 1 C:\Program Files\NBX Audio Converter\audioconverter.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\NBX Audio Converter\wmfdist.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\PDF995\res\convert\gswin32c.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\PDF995\res\drivedir\PSConvert.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\PDF995\res\utilities\burstpdf.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\PDF995\res\utilities\modps.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\PDF995\res\utilities\pdfcombine.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\PDF995\res\utilities\pdfcompress.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\PDF995\res\utilities\pdfextract.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\PDF995\res\utilities\PrintPDF.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\PDF995\res\utilities\sendattachment.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\PDF995\res\utilities\smtpsend.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\PDF995\res\utilities\splash.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Plus!\Themes\Beneath Autumn Boughs\wvinstall.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Plus!\Themes\Richie'sWorld\SpongeBobSquarePants\webviews\spongebob_wvinstall.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\QuickTime\PictureViewer.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\QuickTime\QTTask.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Qwest\QuickCare\agentui\quickcare.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Qwest\QuickCare\agentui\snapins\solutionflows\miniunzip.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Qwest\QuickCare\bin\dialogwaiter.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Qwest\QuickCare\bin\sdckillw.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe Infected: Virus.Win32.Sality.l 1 C:\Program 
Files\Qwest\QuickCare\bin\tgshell.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Qwest\QuickCare\bin\togglekeylock.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Qwest\QuickCare\bin\wificfg.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Qwest\QuickConnect\QuickConnect.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Qwest\QuickConnect\QuickConnectClientUpdater.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\RegCleaner\Uninstall.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\SanDisk\SanDisk TransferMate\CheckUpdate\CheckUpdate.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\SanDisk\SanDisk TransferMate\SanDisk TransferMate.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\SanDisk\SanDisk TransferMate\Tools\EmailProof\Sendmail.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\SanDisk\SanDisk TransferMate\Tools\ScreenSaver\SanDisk Screen Saver.scr Infected: Virus.Win32.Sality.l 1 C:\Program Files\Snapshot Viewer\SNAPVIEW.EXE Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product CD\DLA\dlaunin.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product CD\DLA\install\dla.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product CD\DLA\install\ssdiag.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product CD\DLA\install\ssdsetup.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product CD\DLA\install\tfswcmd.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product CD\DLA\install\tfswctrl.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product CD\MyDVD\LeaderReg.EXE Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product CD\MyDVD\MyDVD.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product 
CD\MyDVD\MyDVDReg.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product CD\RecordNow!\Launch.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product CD\RecordNow!\LeaderReg.EXE Infected: Virus.Win32.Sality.l 1 C:\Program Files\Sonic\Sonic Solutions Product CD\RecordNow!\RecordNow.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\SourceTec\Sothink FLV Converter\FLVConverter.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\SourceTec\Sothink FLV Player\FLVPlayer.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\TaxCut05\Program\ConnectionTool.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\TaxCut05\Program\DLMgr.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\TaxCut05\Program\rmtc.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\TaxCut05\Program\TaxCut.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\TaxCut06\Program\ConnectionTool.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\TaxCut06\Program\rmtc.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\TaxCut06\Program\taxcut.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\TaxCut06\Program\TaxCutSWmgr.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\TaxCut07\Program\ConnectionTool.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\TaxCut08\Program\ConnectionTool.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\TLC\Amazon Trail 3\amazon3.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Windows Media Connect 2\wmccds.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Windows Media Connect 2\WMCCFG.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Windows Media Player\wmdbexport.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Windows Media Player\wmlaunch.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Windows Media Player\wmpenc.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Windows 
Media Player\wmpnetwk.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Windows Media Player\wmpnscfg.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Windows Media Player\wmpshare.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Windows Media Player\wmsetsdk.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Windows NT\hypertrm.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\WinRAR\Rar.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\WinRAR\RarExtLoader.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\WinRAR\Uninstall.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\WinRAR\UnRAR.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\WinRAR\WinRAR.exe Infected: Virus.Win32.Sality.l 1 C:\Program Files\Yahoo!\Messenger\UNWISE.EXE Infected: Virus.Win32.Sality.l 1 C:\ProgramData\Mattel\Xtractaurs (tm)\jpjw1.08-install.exe Infected: Virus.Win32.Sality.l 1 C:\ProgramData\Mattel\Xtractaurs (tm)\jpjwatcher.exe Infected: Virus.Win32.Sality.l 1 C:\ProgramData\Mattel\Xtractaurs (tm)\kencom.exe Infected: Virus.Win32.Sality.l 1 C:\ProgramData\Mattel\Xtractaurs (tm)\uninstall.exe Infected: Virus.Win32.Sality.l 1 C:\ProgramData\Mattel\Xtractaurs (tm)\uninstaller.exe Infected: Virus.Win32.Sality.l 1 C:\ProgramData\Mattel\Xtractaurs (tm)\xtractaurs_update.exe Infected: Virus.Win32.Sality.l 1 C:\Qoobox\Quarantine\C\Documents and Settings\Tyler\Application Data\Microsoft\winlog.exe.vir Infected: Worm.Win32.Carrier.ag 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\wmimgr32.dll.vir Infected: Virus.Win32.Sality.k 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\_wmimgr32_.dll.zip Infected: Virus.Win32.Sality.k 1 C:\Sierra\Print Artist 8.0\PA8CNVRT.exe Infected: Virus.Win32.Sality.l 1 C:\Sierra\Print Artist 8.0\PrintArt.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221548.dll Infected: Virus.Win32.Sality.k 1 C:\System Volume 
Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221549.dll Infected: Virus.Win32.Sality.k 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221551.EXE Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221566.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221567.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221568.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221569.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221570.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221571.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221572.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221583.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221584.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221591.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221592.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221593.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221594.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume 
Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221595.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221596.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221597.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221598.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221599.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221600.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221601.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221602.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221603.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221604.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221605.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221606.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221607.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221609.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221613.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume 
Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221614.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221618.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221619.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221620.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221628.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221629.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221630.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221631.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221632.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221633.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221634.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221635.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221637.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221640.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221641.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume 
Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221642.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221643.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221644.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221645.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221646.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221647.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221648.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221649.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221650.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221651.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221652.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221656.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221657.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221658.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221666.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume 
Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221669.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221671.EXE Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221672.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221673.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221674.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221675.EXE Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221676.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221677.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221684.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221686.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221689.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221690.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221691.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221692.EXE Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221694.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume 
Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221696.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221697.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221698.EXE Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221700.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221733.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221734.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221735.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221738.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221739.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221740.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221746.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221748.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221749.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221750.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221751.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume 
Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221752.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221753.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221754.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221755.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221756.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221757.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221758.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221759.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221760.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221761.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221762.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221763.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221764.EXE Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221765.EXE Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221768.EXE Infected: Virus.Win32.Sality.l 1 C:\System Volume 
Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221771.EXE Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221772.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221773.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221778.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221779.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221780.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221781.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221782.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221783.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221784.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221785.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221786.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221787.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221788.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1170\A0221789.exe Infected: Virus.Win32.Sality.l 1 C:\System Volume 
C:\WINDOWS\$hf_mig$\KB931836\SP2QFE\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB955839\SP3QFE\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntkrnlmp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntkrpamp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\sc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe Infected: 
Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB960859\SP3QFE\telnet.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB960859\SP3QFE\tlntsess.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntkrnlmp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntkrpamp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB976325-IE8\SP3QFE\ie4uinit.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$hf_mig$\KB978207-IE8\SP3QFE\ie4uinit.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\admin.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ahui.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\alg.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\at.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\attrib.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\auditusr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\author.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\autochk.exe Infected: Virus.Win32.Sality.l 1 
C:\WINDOWS\$NtServicePackUninstall$\autoconv.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\autofmt.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\autolfn.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\blastcln.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\cacls.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\cmd.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\comrereg.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\conf.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\conime.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\cscript.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\csrss.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dcomcnfg.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\defrag.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe Infected: 
Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\diantz.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\diskpart.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dmremote.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dwwin.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\evntwin.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\findstr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\fltmc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\fontview.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\forcedos.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe Infected: Virus.Win32.Sality.l 1 
C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\fsquirt.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ftp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\help.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\hh.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\imapi.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ipv6.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ipxroute.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\locator.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\logman.exe Infected: 
Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\logon.scr Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\logonui.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\magnify.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\makecab.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\migload.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\mmc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\mplay32.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\msconfig.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\msdtc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\mshta.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\msiexec.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\msimn.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\msiregmv.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\msoobe.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\mspaint.exe Infected: Virus.Win32.Sality.l 1 
C:\WINDOWS\$NtServicePackUninstall$\mstinit.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\mstsc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\mtstocom.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\narrator.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\net.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\net1.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\netdde.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\netsetup.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\netsh.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\netstat.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\notepad.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\nppagent.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\nslookup.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlmp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ntkrpamp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ntvdm.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\odbcad32.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\odbcconf.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\oemig50.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\oobebaln.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\osk.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\packager.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\perfmon.exe Infected: 
Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\pinball.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ping.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\pintlphr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\powercfg.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\progman.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\proquota.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\proxycfg.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\qprocess.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\rasphone.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\rcp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\rdsaddin.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\rdshost.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\reg.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\regedit.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\rexec.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\rsh.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\rtcshare.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\runonce.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\savedump.exe Infected: Virus.Win32.Sality.l 1 
C:\WINDOWS\$NtServicePackUninstall$\scardsvr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\scrcons.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\scrnsave.scr Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\sdbinst.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\services.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\sethc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\setup.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\setup50.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\shmgrate.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\shrpubw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\shtml.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\shutdown.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\sigverif.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\skeys.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\smbinst.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\smi2smir.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\smlogsvc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\smss.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\snmp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\snmptrap.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\sort.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\spider.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\spnpinst.exe Infected: 
Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ss3dfo.scr Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ssbezier.scr Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ssflwbox.scr Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ssmarque.scr Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ssmypics.scr Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\sspipes.scr Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ssstars.scr Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\sstext3d.scr Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\stimon.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\sysocmgr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\tcptest.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\telnet.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\tourstrt.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\tracert.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\uploadm.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\upnpcont.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\ups.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe Infected: Virus.Win32.Sality.l 1 
C:\WINDOWS\$NtServicePackUninstall$\utilman.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\verclsid.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wab.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wabmig.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wbemtest.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wextract.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wiaacmgr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\winhlp32.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\winver.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wmiadap.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wmiapsrv.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wmiprvse.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wordpad.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wpabaln.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wpnpinst.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\wscript.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtServicePackUninstall$\xcopy.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe Infected: Virus.Win32.Sality.l 1 
C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB896358$\hh.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB896428$\telnet.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB902400$\migregdb.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB922582$\fltmc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB923561$\wordpad.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB925454$\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlmp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB929338$\ntkrpamp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB931768$\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlmp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB931784$\ntkrpamp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB933360$\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB933566$\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB937143$\iedw.exe Infected: Virus.Win32.Sality.l 1 
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB939653$\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB942615$\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB944533$\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB947864$\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB950759_0$\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB951072-v2$\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB951978$\cscript.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB951978$\wscript.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB952069_WM9$\logagent.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB953838_0$\iedw.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB955839$\tzchange.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB956572$\ntkrnlmp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB956572$\ntkrnlpa.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB956572$\ntkrpamp.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB956572$\sc.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB956572$\services.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB956841$\ntkrnlpa.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB960859$\telnet.exe Infected: Virus.Win32.Sality.l 1 C:\WINDOWS\$NtUninstallKB970653-v3$\tzchange.exe Infected: Virus.Win32.Sality.l 1 
Selected area has been scanned.
  7. DDS.txt Log DDS (Ver_09-09-29.01) - NTFSx86 Run by Jim at 15:19:08.53 on Wed 02/10/2010 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.534 [GMT -7:00] ==================== Find3M ==================== 2010-01-24 
21:27 110,592 a------- c:\windows\Updreg.EXE 2009-12-21 22:21 667,136 -------- c:\windows\system32\wininet.dll 2009-12-17 17:14 411,368 a------- c:\windows\system32\deploytk.dll 2009-11-21 08:51 471,552 a------- c:\windows\apppatch\aclayers.dll 2009-07-17 10:55 300,848 ac------ c:\documents and settings\all users\dcmsvcsetup.exe 2009-07-17 10:55 27,136 ac------ c:\documents and settings\all users\invokesi.exe 2007-11-28 11:26 8 a------- c:\docume~1\jim\applic~1\usb.dat.bin 2007-10-07 13:22 0 a---h--- c:\program files\AppUpdate.log ============= FINISH: 15:19:16.85 ===============
  8. Hi, Here is the ComboFix Log:
  9. Here is the DDS Log:
  10. Log:
"WMPNetworkSvc"=3 (0x3) "usnjsvc"=3 (0x3) "MpfService"=2 (0x2) "McSysmon"=3 (0x3) "McShield"=2 (0x2) "McProxy"=2 (0x2) "McODS"=3 (0x3) "McNASvc"=2 (0x2) "mcmscsvc"=2 (0x2) "iPod Service"=3 (0x3) "dlbu_device"=3 (0x3) "Apple Mobile Device"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\ABBYY FineReader 5.0 Sprint\\Sprint.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/3/2010 2:10 PM 64288] S2 gupdate1c9969f58790564;Google Update Service (gupdate1c9969f58790564);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2009 9:45 AM 133104] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 6:19 AM 1181328] . 
Contents of the 'Scheduled Tasks' folder 2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:10] 2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:10] 2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:10] 2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:10] 2010-02-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:10] 2010-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2010-02-09 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-24 01:16] 2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 16:45] 2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 16:45] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://msn.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\2maaxve9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/ FF - component: c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\2maaxve9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\2maaxve9.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . 
- - - - ORPHANS REMOVED - - - - HKLM-Run-DellMCM - (no file) HKLM-Run-Monitor - c:\documents and settings\Tyler\Shared\My Documents\LeapFrog Connect\Monitor.exe HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe SharedTaskScheduler-{da3b49f6-8c54-4429-a275-21a86dcca413} - (no file) MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe AddRemove-UPCShell - c:\documents and settings\Tyler\Shared\My Documents\LeapFrog Connect\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-09 16:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1060284298-796845957-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{66A02A72-AD5F-73FF-CFD5-1EFB10F8E5BA}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(380) c:\windows\system32\wmimgr32.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\Rundll32.exe c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-02-09 16:51:57 - machine was rebooted ComboFix-quarantined-files.txt 2010-02-09 23:51 Pre-Run: 34,665,443,328 bytes free Post-Run: 40,950,833,152 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 824C9623951AA7F8DBDDB5FFDF0978F3 Combo.txt ComboFix 10-02-09.03 - Jim 02/09/2010 16:25:50.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.731 [GMT -7:00] Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\Tyler\Application Data\Microsoft\winlog.exe C:\Thumbs.db c:\windows\EventSystem.log c:\windows\system32\COMCTL32.OCA c:\windows\system32\Data c:\windows\system32\wmimgr32.dll K:\Autorun.inf ----- BITS: Possible infected sites ----- hxxp://armmf.adobe.com . ((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 ))))))))))))))))))))))))))))))) . 2010-02-05 10:03 . 
2010-02-05 10:03 -------- d-----w- c:\windows\system32\XPSViewer 2010-02-05 10:03 . 2010-02-05 10:03 -------- d-----w- c:\program files\MSBuild 2010-02-05 10:03 . 2010-02-05 10:03 -------- d-----w- c:\program files\Reference Assemblies 2010-02-05 10:03 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-02-05 10:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-02-05 10:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-02-05 10:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-02-05 10:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-02-05 10:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-02-05 10:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-02-05 10:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2010-02-05 10:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-02-04 14:59 . 2010-02-04 14:59 -------- d-----w- c:\program files\Trend Micro 2010-02-04 02:42 . 2010-02-04 02:42 -------- d-----w- c:\program files\ERUNT 2010-02-03 21:23 . 2010-02-03 21:10 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-02-03 21:10 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-02-03 21:07 . 2010-02-03 21:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} 2010-01-28 20:43 . 2010-01-28 20:57 -------- d-----w- c:\program files\RegCleaner 2010-01-28 20:29 . 2010-01-29 05:51 66592 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2010-01-28 20:29 . 2010-01-29 05:51 560928 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-01-28 20:10 . 
2010-01-28 20:58 -------- dc----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2010-01-28 20:10 . 2010-01-28 20:10 -------- dc----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS 2010-01-28 19:18 . 2010-01-28 19:18 -------- d-----w- c:\documents and settings\Jim\Application Data\Malwarebytes 2010-01-28 19:18 . 2010-01-28 19:18 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-28 19:08 . 2010-01-28 20:58 -------- d-----w- c:\program files\Common Files\ParetoLogic 2010-01-28 19:08 . 2010-02-04 19:24 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Downloaded Installations 2010-01-28 16:51 . 2010-01-28 16:51 -------- d-----w- c:\documents and settings\Jim\Application Data\Verizon Wireless 2010-01-27 20:34 . 2010-01-27 20:34 -------- d-----w- c:\documents and settings\Jim\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 2010-01-27 16:12 . 2010-01-27 19:31 -------- d-----w- c:\program files\Any DVD Cloner Platinum 2010-01-27 04:12 . 2010-01-27 04:12 -------- d-sh--w- c:\documents and settings\Dalton\IETldCache 2010-01-26 15:47 . 2010-01-26 15:47 -------- d-sh--w- c:\documents and settings\Tiffany\IETldCache 2010-01-25 01:54 . 2010-01-25 01:54 -------- d-sh--w- c:\documents and settings\Aurora\IETldCache 2010-01-24 23:41 . 2010-01-24 23:41 -------- d-sh--w- c:\documents and settings\Tyler\IECompatCache 2010-01-24 23:17 . 2010-01-24 23:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-01-24 22:46 . 2010-01-24 22:46 -------- d-sh--w- c:\documents and settings\Tyler\PrivacIE 2010-01-24 22:44 . 2010-01-24 22:44 -------- d-sh--w- c:\documents and settings\Tyler\IETldCache 2010-01-24 22:39 . 2010-01-24 22:39 -------- d-sh--w- c:\documents and settings\Jim\PrivacIE 2010-01-24 22:31 . 2010-01-24 22:31 -------- d-sh--w- c:\documents and settings\Jim\IETldCache 2010-01-24 22:28 . 
2010-01-28 16:50 -------- d-----w- c:\windows\ie8updates 2010-01-24 22:26 . 2009-12-22 05:20 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-01-24 22:26 . 2009-12-22 05:20 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll 2010-01-24 22:21 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-01-24 22:21 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-01-24 22:21 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-01-24 22:21 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-01-24 22:21 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-01-24 22:21 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll 2010-01-24 22:20 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-01-19 04:26 . 2010-01-19 04:26 -------- d-----w- c:\windows\CC33E708A7954AB3908A8F45919BC097.TMP 2010-01-19 04:25 . 2010-01-19 04:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-01-19 04:21 . 2010-01-19 04:21 -------- d-----w- c:\program files\LeapFrog 2010-01-15 18:31 . 2010-01-17 16:31 -------- d--h--w- c:\windows\mw2mmgr32 2010-01-13 11:18 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-09 22:14 . 2009-02-24 16:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-02-09 20:33 . 2006-12-29 18:48 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-02-09 20:11 . 2007-01-11 22:52 -------- d-----w- c:\documents and settings\Tyler\Application Data\LimeWire 2010-02-09 15:28 . 2007-01-11 03:50 664 ----a-w- c:\documents and settings\Tyler\Local Settings\Application Data\d3d9caps.tmp 2010-02-09 04:48 . 
2009-09-09 14:20 2175232 ----a-w- c:\documents and settings\Tyler\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.56.0.exe 2010-02-08 22:07 . 2007-12-08 16:17 -------- d-----w- c:\program files\Microsoft Money Plus 2010-02-08 04:22 . 2007-04-25 01:17 119216 ----a-w- c:\documents and settings\Jim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-07 23:15 . 2006-12-30 21:12 664 ----a-w- c:\documents and settings\Aurora\Local Settings\Application Data\d3d9caps.tmp 2010-02-07 19:24 . 2006-12-29 03:33 -------- d-----w- c:\documents and settings\Aurora\Application Data\LimeWire 2010-02-07 05:34 . 2009-08-31 00:29 93018 ----a-w- c:\documents and settings\Tyler\Application Data\MySpace\Toolbar\bin\Uninstall.exe 2010-02-07 00:47 . 2007-04-18 23:14 119216 ----a-w- c:\documents and settings\Dalton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-05 23:11 . 2009-03-17 21:22 119216 ----a-w- c:\documents and settings\Aurora\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-04 21:10 . 2010-02-03 21:10 389784 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2010-02-04 21:10 . 2010-02-03 21:09 3803208 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe 2010-02-04 21:10 . 2010-02-03 21:09 823928 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2010-02-04 21:10 . 2010-02-03 21:09 1181328 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2010-02-03 21:10 . 2010-02-03 21:10 862040 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe 2010-02-03 21:10 . 2010-02-03 21:10 206944 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll 2010-02-03 21:10 . 
2010-02-03 21:10 15880 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe 2010-02-03 21:10 . 2010-02-03 21:10 390288 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll 2010-02-03 21:10 . 2010-02-03 21:10 537576 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll 2010-02-03 21:10 . 2010-02-03 21:10 8 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll 2010-02-03 21:10 . 2010-02-03 21:10 163728 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll 2010-02-03 21:09 . 2010-02-03 21:09 6296864 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll 2010-02-03 21:09 . 2010-02-03 21:09 327000 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll 2010-02-03 21:09 . 2010-02-03 21:09 87496 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2010-02-03 21:09 . 2010-02-03 21:09 933120 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll 2010-02-03 21:09 . 2010-02-03 21:09 816784 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2010-02-03 21:09 . 2010-02-03 21:09 1643272 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2010-02-03 21:09 . 2010-02-03 21:09 788880 -c--a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe 2010-02-03 21:06 . 2007-12-08 18:36 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-02-03 07:28 . 2007-01-02 01:08 -------- d-----w- c:\program files\Google 2010-01-29 05:51 . 
2010-01-28 20:29 9632 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-01-29 05:51 . 2010-01-28 20:29 8336 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2010-01-28 20:29 . 2010-01-28 20:29 146432 -c--a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe 2010-01-28 18:47 . 2006-12-29 03:18 -------- d-----w- c:\program files\Java 2010-01-28 18:37 . 2007-01-04 04:52 -------- d-----w- c:\program files\Jasc Software Inc 2010-01-28 15:52 . 2006-12-29 02:30 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee 2010-01-27 23:24 . 2010-01-27 23:24 503808 ----a-w- c:\documents and settings\Aurora\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-44f6253a-n\msvcp71.dll 2010-01-27 23:24 . 2010-01-27 23:24 499712 ----a-w- c:\documents and settings\Aurora\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-44f6253a-n\jmc.dll 2010-01-27 23:24 . 2010-01-27 23:24 348160 ----a-w- c:\documents and settings\Aurora\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-44f6253a-n\msvcr71.dll 2010-01-27 23:24 . 2010-01-27 23:24 61440 ----a-w- c:\documents and settings\Aurora\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-12d54fcc-n\decora-sse.dll 2010-01-27 23:24 . 2010-01-27 23:24 12800 ----a-w- c:\documents and settings\Aurora\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-12d54fcc-n\decora-d3d.dll 2010-01-27 18:52 . 2010-01-27 18:52 503808 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7fc19ca6-n\msvcp71.dll 2010-01-27 18:52 . 2010-01-27 18:52 499712 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7fc19ca6-n\jmc.dll 2010-01-27 18:52 . 2010-01-27 18:52 348160 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7fc19ca6-n\msvcr71.dll 2010-01-27 18:52 . 
2010-01-27 18:52 61440 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-41aa2478-n\decora-sse.dll 2010-01-27 18:52 . 2010-01-27 18:52 12800 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-41aa2478-n\decora-d3d.dll 2010-01-27 18:46 . 2010-02-09 19:09 57344 ----a-w- c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\2maaxve9.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll 2010-01-27 16:12 . 2008-05-17 14:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-27 14:49 . 2006-12-29 03:15 -------- d-----w- c:\program files\Common Files\Java 2010-01-27 14:44 . 2010-01-27 14:44 348160 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25ac1ce9-n\msvcr71.dll 2010-01-27 14:44 . 2010-01-27 14:44 503808 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25ac1ce9-n\msvcp71.dll 2010-01-27 14:44 . 2010-01-27 14:44 499712 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25ac1ce9-n\jmc.dll 2010-01-27 14:43 . 2010-01-27 14:43 61440 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7070c05f-n\decora-sse.dll 2010-01-27 14:43 . 2010-01-27 14:43 12800 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7070c05f-n\decora-d3d.dll 2010-01-26 20:30 . 2006-12-29 03:39 -------- d-----w- c:\documents and settings\Tiffany\Application Data\LimeWire 2010-01-25 04:27 . 2006-12-29 01:40 110592 ----a-w- c:\windows\Updreg.EXE 2010-01-19 04:25 . 2010-01-19 04:25 28696928 -c--a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe 2010-01-19 04:22 . 
2010-01-19 04:22 3106632 -c--a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\MyPalsPlugin.exe 2010-01-15 18:49 . 2007-02-26 00:14 -------- d-----w- c:\program files\Windows Media Connect 2 2010-01-15 18:48 . 2009-10-27 15:10 -------- d-----w- c:\program files\iPod 2010-01-15 16:00 . 2007-12-17 02:27 -------- d-----w- c:\program files\Common Files\Adobe 2010-01-08 04:10 . 2010-01-08 04:10 -------- d-----w- c:\documents and settings\Tyler\Application Data\Sony 2010-01-07 01:31 . 2006-12-29 02:55 -------- d-----w- c:\documents and settings\Jim\Application Data\Apple Computer 2010-01-06 23:01 . 2007-01-21 21:25 664 ----a-w- c:\documents and settings\Dalton\Local Settings\Application Data\d3d9caps.tmp 2009-12-26 21:05 . 2009-12-26 21:05 -------- dc----w- c:\documents and settings\All Users\Application Data\Leapfrog 2009-12-24 05:25 . 2009-12-24 05:25 -------- d-----w- c:\documents and settings\Tyler\Application Data\CyberLink 2009-12-22 05:21 . 2004-08-12 14:09 667136 ----a-w- c:\windows\system32\wininet.dll 2009-12-20 12:36 . 2007-01-11 01:23 -------- d-----w- c:\documents and settings\Tyler\Application Data\Apple Computer
uStart Page = hxxp://msn.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\2maaxve9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/ FF - component: c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\2maaxve9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\2maaxve9.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . 
- - - - ORPHANS REMOVED - - - - HKLM-Run-DellMCM - (no file) HKLM-Run-Monitor - c:\documents and settings\Tyler\Shared\My Documents\LeapFrog Connect\Monitor.exe HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe SharedTaskScheduler-{da3b49f6-8c54-4429-a275-21a86dcca413} - (no file) MSConfigStartUp-LogitechSoftwareUpdate - c:\program files\Logitech\Video\ManifestEngine.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe AddRemove-UPCShell - c:\documents and settings\Tyler\Shared\My Documents\LeapFrog Connect\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-09 16:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1060284298-796845957-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{66A02A72-AD5F-73FF-CFD5-1EFB10F8E5BA}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(380) c:\windows\system32\wmimgr32.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\Rundll32.exe c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-02-09 16:51:57 - machine was rebooted ComboFix-quarantined-files.txt 2010-02-09 23:51 Pre-Run: 34,665,443,328 bytes free Post-Run: 40,950,833,152 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 824C9623951AA7F8DBDDB5FFDF0978F3
  11. Attach: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-09-29.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 12/28/2006 5:48:05 PM System Uptime: 2/9/2010 8:24:34 AM (4 hours ago) Motherboard: Dell Inc. | | 0U7077 Processor: Intel® Pentium® 4 CPU 3.40GHz | Microprocessor | 3391/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 71 GiB total, 31.614 GiB free. D: is Removable E: is CDROM () F: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable K: is FIXED (NTFS) - 466 GiB total, 416.198 GiB free. L: is Removable ==== Disabled Device Manager Items ============= Class GUID: Description: Video Controller (VGA Compatible) Device ID: PCI\VEN_1002&DEV_5B60&SUBSYS_03021002&REV_00\4&16EC1A1&0&0008 Manufacturer: Name: Video Controller (VGA Compatible) PNP Device ID: PCI\VEN_1002&DEV_5B60&SUBSYS_03021002&REV_00\4&16EC1A1&0&0008 Service: Class GUID: Description: Video Controller Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108 Manufacturer: Name: Video Controller PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108 Service: Class GUID: Description: Multimedia Audio Controller Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2 Manufacturer: Name: Multimedia Audio Controller PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2 Service: ==== System Restore Points =================== RP1163: 2/3/2010 7:41:25 PM - Automatic Restore Point RP1164: 2/4/2010 8:54:41 PM - System Checkpoint RP1165: 2/5/2010 3:00:15 AM - Software Distribution Service 3.0 RP1166: 2/5/2010 3:23:37 AM - Printer Driver Microsoft XPS Document Writer Installed RP1167: 2/6/2010 3:00:16 AM - Software Distribution Service 3.0 RP1168: 2/7/2010 3:15:07 AM - System Checkpoint RP1169: 2/8/2010 3:28:42 AM - System Checkpoint RP1170: 2/9/2010 9:32:38 AM - System Checkpoint 
==== Installed Programs ====================== ABBYY FineReader 5.0 Sprint Plus Actiontec Gateway Ad-Aware Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Photoshop Album 2.0 Starter Edition Adobe Reader 8.2.0 Amazon3 Any DVD Cloner Platinum 1.0.4 Apple Application Support Apple Mobile Device Support Apple Software Update Bible Quiz For Kids BL2003 Registration Bonjour Broadcom Gigabit Integrated Controller Broderbund Business Lawyer 2003 CCScore Conexant D850 56K V.9x DFVc Modem Creative MediaSource Critical Update for Windows Media Player 11 (KB959772) DeductionPro 2006 DeductionPro 2007 DeductionPro 2008 Dell Photo AIO Printer 942 Dell ResourceCD ERUNT 1.1j ESSBrwr ESSCDBK ESScore ESSCT ESSgui ESShelp ESSini ESSPCD ESSSONIC ESSTOOLS ESSTUTOR ESSvpaht ESSvpot Google Chrome Google Earth Google Update Helper Google Updater HijackThis 2.0.2 HLPIndex HLPRFO Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB895961-v4) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) hp deskjet 960c series (Remove only) Intel® Matrix Storage Manager iTunes J2SE Runtime Environment 5.0 Update 11 Java Auto Updater Java(tm) 6 Update 18 Kodak EasyShare software LeapFrog Connect LeapFrog My Pals Plugin LG USB Modem driver LimeWire 5.2.13 Logitech® Camera Driver Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Money Plus Microsoft Money Shared Libraries Microsoft Office 2000 SR-1 Disc 2 Microsoft Office 
2000 SR-1 Small Business Microsoft Office PowerPoint Viewer 2007 (English) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.0.17) MSN MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK NBX Audio Converter v2 Notifier OTtBP OTtBPSDK Pdf995 (installed by TaxCut) PdfEdit995 (installed by TaxCut) Picasa 3 PowerDVD 5.3 QuickConnect QuickTime Qwest eChat Support Tools Qwest QuickCare 2.0 Samsung CamCorder Driver Samsung SMP4 Video Codec Uninstall SanDisk TransferMate Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for 
Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) 
Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974455) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB976325) SFR SHASTA SierraHome Print Artist 8.0 SKIN0001 SKINXSDK Smart FLV Converter 3.3.2.56 Sonic DLA Sonic MyDVD Sonic RecordNow! Sonic Update Manager Sothink FLV Player Sothink SWF Converter Sound Blaster Live! 24-bit TaxCut Basic + Efile 2008 TaxCut Deluxe Trial 2005 TaxCut Premium 2006 TaxCut Premium 2007 The Print Shop Brochures, Newsletters and More! The Print Shop Business Card Creator Ulead Photo Express 4.0 SE Ulead VideoStudio 7 SE DVD Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB976749) Update for Windows XP (KB978207) Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VPRINTOL WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver WIRELESS Yahoo! Messenger ==== Event Viewer Messages From Past Week ======== 2/3/2010 2:05:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd 2/3/2010 2:01:58 PM, error: Print [19] - Sharing printer failed + 1722, Printer hp deskjet 960c series share name Printer. ==== End Of File ===========================
  12. DDS: DDS (Ver_09-09-29.01) - NTFSx86 Run by Jim at 12:12:34.04 on Tue 02/09/2010 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.333 [GMT -7:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Jim\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://msn.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common 
files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - No File BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r mRun: [P17Helper] Rundll32 P17.dll,P17Helper mRun: [UpdReg] c:\windows\UpdReg.EXE mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe" mRun: [DellMCM] mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Monitor] "c:\documents and settings\tyler\shared\my documents\leapfrog connect\Monitor.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\jim\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program 
files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_18.dll DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://ra.qwest.com/sdccommon/download/tgctlcm.cab DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll STS: {da3b49f6-8c54-4429-a275-21a86dcca413} - No File ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\2maaxve9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/ FF - component: c:\documents and settings\jim\application data\mozilla\firefox\profiles\2maaxve9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\jim\application data\mozilla\firefox\profiles\2maaxve9.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: 
c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-3 64288] S2 gupdate1c9969f58790564;Google Update Service (gupdate1c9969f58790564);c:\program files\google\update\GoogleUpdate.exe [2009-2-24 133104] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328] S2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;"c:\documents and settings\tyler\shared\my documents\leapfrog connect\commandservice.exe" --> c:\documents and settings\tyler\shared\my documents\leapfrog connect\CommandService.exe [?] 
=============== Created Last 30 ================ 2010-02-09 12:08 23,552 a------- c:\windows\system32\wmimgr32.dll 2010-02-08 15:20 17,474,087 ac---r-- C:\mymoney Backup_2010-02-08_152019.mbf 2010-02-08 14:52 17,080,775 ac---r-- C:\mymoney Backup_2010-02-08_145255.mbf 2010-02-05 04:32 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat 2010-02-05 03:03 <DIR> --d----- c:\windows\system32\XPSViewer 2010-02-05 03:03 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-02-05 03:03 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-02-05 03:03 117,760 -------- c:\windows\system32\prntvpt.dll 2010-02-05 03:03 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll 2010-02-05 03:03 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll 2010-02-05 03:03 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2010-02-05 03:03 575,488 -------- c:\windows\system32\xpsshhdr.dll 2010-02-04 07:59 <DIR> --d----- c:\program files\Trend Micro 2010-02-03 14:23 15,880 a------- c:\windows\system32\lsdelete.exe 2010-02-03 14:10 64,288 a------- c:\windows\system32\drivers\Lbd.sys 2010-02-03 14:07 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} 2010-01-28 13:43 <DIR> --d----- c:\program files\RegCleaner 2010-01-28 13:29 560,928 a--sh--- c:\windows\system32\drivers\fidbox.dat 2010-01-28 13:29 66,592 a--sh--- c:\windows\system32\drivers\fidbox2.dat 2010-01-28 13:29 9,632 a--sh--- c:\windows\system32\drivers\fidbox.idx 2010-01-28 13:29 8,336 a--sh--- c:\windows\system32\drivers\fidbox2.idx 2010-01-28 13:29 2,728 ac------ C:\rollback.ini 2010-01-28 13:10 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\ParetoLogic Anti-Virus PLUS 2010-01-28 13:10 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\ParetoLogic 2010-01-28 12:18 <DIR> --d----- c:\docume~1\jim\applic~1\Malwarebytes 2010-01-28 12:18 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-01-28 12:08 <DIR> --d----- c:\program 
files\common files\ParetoLogic 2010-01-28 09:51 <DIR> --d----- c:\docume~1\jim\applic~1\Verizon Wireless 2010-01-27 13:34 <DIR> --d----- c:\docume~1\jim\applic~1\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 2010-01-27 09:12 <DIR> --d----- c:\program files\Any DVD Cloner Platinum 2010-01-24 15:39 <DIR> --dsh--- c:\documents and settings\jim\PrivacIE 2010-01-24 15:31 <DIR> --dsh--- c:\documents and settings\jim\IETldCache 2010-01-24 15:28 <DIR> --d----- c:\windows\ie8updates 2010-01-24 15:26 81,920 a------- c:\windows\system32\ieencode.dll 2010-01-24 15:26 81,920 a------- c:\windows\system32\dllcache\ieencode.dll 2010-01-24 15:21 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll 2010-01-24 15:21 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2010-01-24 15:21 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll 2010-01-24 15:21 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2010-01-24 15:21 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll 2010-01-24 15:21 11,070,464 -c------ c:\windows\system32\dllcache\ieframe.dll 2010-01-24 15:20 92,160 -c------ c:\windows\system32\dllcache\iecompat.dll 2010-01-18 21:26 <DIR> --d----- c:\windows\CC33E708A7954AB3908A8F45919BC097.TMP 2010-01-18 21:26 110 a------- c:\windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini 2010-01-18 21:25 <DIR> --d----- c:\program files\common files\Wise Installation Wizard 2010-01-18 21:21 <DIR> --d----- c:\program files\LeapFrog 2010-01-15 11:41 35 ac------ C:\FILE_ID.DIZ 2010-01-15 11:31 <DIR> --d-h--- c:\windows\mw2mmgr32 2010-01-13 04:18 471,552 -c------ c:\windows\system32\dllcache\aclayers.dll ==================== Find3M ==================== 2010-01-24 21:27 110,592 a------- c:\windows\Updreg.EXE 2009-12-21 22:21 667,136 a------- c:\windows\system32\wininet.dll 2009-12-17 17:14 411,368 a------- c:\windows\system32\deploytk.dll 2009-11-21 08:51 471,552 a------- c:\windows\apppatch\aclayers.dll 2009-07-17 10:55 
300,848 ac------ c:\documents and settings\all users\dcmsvcsetup.exe 2009-07-17 10:55 27,136 ac------ c:\documents and settings\all users\invokesi.exe 2007-11-28 11:26 8 a------- c:\docume~1\jim\applic~1\usb.dat.bin 2007-10-07 13:22 0 a---h--- c:\program files\AppUpdate.log ============= FINISH: 12:13:20.32 ===============
  13. GMER Log: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-02-04 07:59:00 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\Jim\LOCALS~1\Temp\kgliypod.sys ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF75BE87E] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF75BEBFE] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + F0 804E274C 4 Bytes CALL 169F1EAC ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) Device \FileSystem\Fastfat \Fat B1F51D20 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- EOF - GMER 1.0.15 ----
HiJack This Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:00:16 AM, on 2/4/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\QuickTime\QuickTimePlayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 
24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Monitor] "C:\Documents and Settings\Tyler\Shared\My Documents\LeapFrog Connect\Monitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKUS\S-1-5-21-1060284298-796845957-839522115-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Aurora') O4 - HKUS\S-1-5-21-1060284298-796845957-839522115-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Aurora') O4 - HKUS\S-1-5-21-1060284298-796845957-839522115-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Aurora') O4 - HKUS\S-1-5-21-1060284298-796845957-839522115-1007\..\Run: [winlog.exe] C:\Documents and Settings\Aurora\Application Data\Microsoft\winlog.exe (User 'Aurora') O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre6\bin\npjpi160_18.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - https://ra.qwest.com/sdccommon/download/tgctlins.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O22 - SharedTaskScheduler: admissibility - {da3b49f6-8c54-4429-a275-21a86dcca413} - (no file) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe O23 - Service: Google Update Service (gupdate1c9969f58790564) (gupdate1c9969f58790564) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Documents and Settings\Tyler\Shared\My Documents\LeapFrog Connect\CommandService.exe (file missing) -- End of file - 6492 bytes AdAware Log: MSG [1544] 2010/02/03 19:44:14: Configure new scan with profile: smart MSG [1544] 2010/02/03 19:44:14: -> scanning critical objects MSG [1544] 2010/02/03 19:44:14: -> scanning running processes MSG [1544] 2010/02/03 19:44:14: -> scanning registry MSG [1544] 2010/02/03 19:44:14: -> scanning lsp MSG [1544] 2010/02/03 19:44:14: -> scanning browser hijacks MSG [1544] 2010/02/03 19:44:14: -> scanning cookies MSG [1544] 2010/02/03 19:44:14: -> neutralizing rootkits MSG [1544] 2010/02/03 19:44:14: -> use mild rootkit detection MSG [1544] 2010/02/03 19:44:14: -> use spyware heuristics MSG [1544] 2010/02/03 19:44:14: -> use medium heuristics MSG [1544] 2010/02/03 19:44:14: -> scan only executables MSG [1544] 2010/02/03 19:44:14: -> file size limit = 20480 kB (0 = unlimited) ERR [1544] 2010/02/03 19:44:14: SDKController::GetInfectionList -> Not in found infections state ERR [1544] 2010/02/03 19:47:18: SDKController::StartScan -> Scan already in progress MSG [2456] 2010/02/03 20:01:48: Scan was completed in 1054 seconds MSG [2456] 2010/02/03 20:01:48: Objects processed: 63067, infections detected: 16 MSG [3588] 2010/02/03 20:01:49: Remediating 16 infections MSG [3588] 2010/02/03 20:01:53: Reboot required to clean: c:\windows\system32\wmimgr32.dll MSG [3588] 2010/02/03 20:01:53: Infections quarantined: 1, removed: 15, repaired: 0 MSG [3588] 2010/02/03 20:01:53: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped). 
MSG [1544] 2010/02/03 20:01:54: Dumping scan report: >>> Logfile created: 2/3/2010 19:44:14 >>> Lavasoft Ad-Aware version: 8.1.4 >>> User performing scan: Jim >>> >>> *********************** Definitions database information *********************** >>> Lavasoft definition file: 149.146 >>> Genotype definition file version: 2010/02/02 15:16:55 >>> >>> ******************************** Scan results: ********************************* >>> Scan profile name: Smart Scan (ID: smart) >>> Objects scanned: 63067 >>> Objects detected: 16 >>> >>> >>> Type Detected >>> ========================== >>> Processes.......: 1 >>> Registry entries: 0 >>> Hostfile entries: 0 >>> Files...........: 0 >>> Folders.........: 0 >>> LSPs............: 0 >>> Cookies.........: 15 >>> Browser hijacks.: 0 >>> MRU objects.....: 0 >>> >>> >>> >>> Removed items: >>> Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0 >>> Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 >>> Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 >>> Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 >>> Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0 >>> Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 >>> Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 >>> Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 >>> Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 >>> Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 >>> Description: *serving-sys* Family Name: Cookies 
Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 >>> Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 >>> Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0 >>> Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 >>> Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0 >>> >>> Quarantined items: >>> Description: c:\windows\system32\wmimgr32.dll Family Name: Win32.Worm.Mydoom Engine: 1 Clean status: Reboot required Item ID: 171382 Family ID: 4399 >>> >>> Scan and cleaning complete: Finished correctly after 1054 seconds >>>
>>> ****************************** System information ****************************** >>> Computer name: DELL8400JIM >>> Processor name: Intel® Pentium® 4 CPU 3.40GHz >>> Processor identifier: x86 Family 15 Model 3 Stepping 4 >>> Processor speed: ~3391MHZ >>> Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 772, number of processors 1, processor features: [MMX,SSE,SSE2] >>> Physical memory available: 607604736 bytes >>> Physical memory total: 1071742976 bytes >>> Virtual memory available: 1986260992 bytes >>> Virtual memory total: 2147352576 bytes >>> Memory load: 43% >>> Microsoft Windows XP Home Edition Service Pack 3 (build 2600) >>> Windows startup mode: >>> >>> Running processes: >>> PID: 572 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 796 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 820 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 864 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 876 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1068 
name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1132 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY >>> PID: 1376 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1412 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1552 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY >>> PID: 1664 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY >>> PID: 1948 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1320 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY >>> PID: 1348 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1364 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1672 name: C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 1736 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 2036 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 464 name: C:\WINDOWS\system32\MsPMSPSv.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 3112 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY >>> PID: 868 name: C:\WINDOWS\explorer.exe owner: Jim domain: DELL8400JIM >>> PID: 504 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 3984 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 240 name: C:\WINDOWS\Explorer.EXE owner: Aurora domain: DELL8400JIM >>> PID: 1112 name: C:\Program Files\Creative\Sound Blaster Live! 
24-bit\Surround Mixer\CTSysVol.exe owner: Aurora domain: DELL8400JIM >>> PID: 3376 name: C:\WINDOWS\system32\Rundll32.exe owner: Aurora domain: DELL8400JIM >>> PID: 3816 name: C:\WINDOWS\system32\dla\tfswctrl.exe owner: Aurora domain: DELL8400JIM >>> PID: 4008 name: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe owner: Aurora domain: DELL8400JIM >>> PID: 708 name: C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe owner: Aurora domain: DELL8400JIM >>> PID: 1268 name: C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe owner: Aurora domain: DELL8400JIM >>> PID: 740 name: C:\Program Files\QuickTime\QTTask.exe owner: Aurora domain: DELL8400JIM >>> PID: 3292 name: C:\Program Files\Messenger\msmsgs.exe owner: Aurora domain: DELL8400JIM >>> PID: 3932 name: C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe owner: Aurora domain: DELL8400JIM >>> PID: 144 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 748 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Aurora domain: DELL8400JIM >>> PID: 3740 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 2608 name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 736 name: \\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE owner: SYSTEM domain: NT AUTHORITY >>> PID: 1720 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Jim domain: DELL8400JIM >>> PID: 2796 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 368 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY >>> PID: 3944 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Jim domain: DELL8400JIM >>> >>> Startup items: >>> Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} >>> imagepath: Browseui preloader >>> Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} >>> imagepath: Component Categories cache daemon >>> Name: 
Logon >>> Name: SENS >>> displayname: System Event Notification >>> Name: SharedAccess >>> displayname: Windows Firewall/Internet Connection Sharing (ICS) >>> Name: ShellHWDetection >>> displayname: Shell Hardware Detection >>> Name: Spooler >>> displayname: Print Spooler >>> Name: srservice >>> displayname: System Restore Service >>> Name: SSDPSRV >>> displayname: SSDP Discovery Service >>> Name: stisvc >>> displayname: Windows Image Acquisition (WIA) >>> Name: TapiSrv >>> displayname: Telephony >>> Name: TermService >>> displayname: Terminal Services >>> Name: Themes >>> displayname: Themes >>> Name: TrkWks >>> displayname: Distributed Link Tracking Client >>> Name: W32Time >>> displayname: Windows Time >>> Name: WebClient >>> displayname: WebClient >>> Name: winmgmt >>> displayname: Windows Management Instrumentation >>> Name: WMDM PMSP Service >>> displayname: WMDM PMSP Service >>> Name: wscsvc >>> displayname: Security Center >>> Name: wuauserv >>> displayname: Automatic Updates >>> Name: WudfSvc >>> displayname: Windows Driver Foundation - User-mode Driver Framework >>> Name: WZCSVC >>> displayname: Wireless Zero Configuration >>> Name: clr_optimization_v2.0.50727_32 >>> displayname: .NET Runtime Optimization Service v2.0.50727_X86 >>> >>> MSG [1544] 2010/02/03 20:15:36: Configure new scan with profile: smart MSG [1544] 2010/02/03 20:15:36: -> scanning critical objects MSG [1544] 2010/02/03 20:15:36: -> scanning running processes MSG [1544] 2010/02/03 20:15:36: -> scanning registry MSG [1544] 2010/02/03 20:15:36: -> scanning lsp MSG [1544] 2010/02/03 20:15:36: -> scanning browser hijacks MSG [1544] 2010/02/03 20:15:36: -> scanning cookies MSG [1544] 2010/02/03 20:15:36: -> neutralizing rootkits MSG [1544] 2010/02/03 20:15:36: -> use mild rootkit detection MSG [1544] 2010/02/03 20:15:36: -> use spyware heuristics MSG [1544] 2010/02/03 20:15:36: -> use medium heuristics MSG [1544] 2010/02/03 20:15:36: -> scan only executables MSG [1544] 2010/02/03 20:15:36: -> 
file size limit = 20480 kB (0 = unlimited) ERR [1544] 2010/02/03 20:15:36: SDKController::GetInfectionList -> Not in found infections state ERR [1544] 2010/02/03 20:18:53: SDKController::StartScan -> Scan already in progress MSG [2440] 2010/02/03 20:21:29: Scan was completed in 353 seconds MSG [2440] 2010/02/03 20:21:29: Objects processed: 61904, infections detected: 1 --- Feb 7 2010 Just checking to make sure this is posted in the right spot...Can anyone help?
  14. Hi, I have been infected with a worm called MyDoom, which I see the new definitions can remove. My problem is that it isn't working. I scan, it cleans it, it says a Reboot is required. I reboot and it is back again. Is there something I am doing wrong? I just downloaded the new version of Ad-Aware Free and updated the definition files. It just isn't working. I have been using the free version of this product for several years and have loved it. I just can't figure this one out. Thanks in advance, Jim