
No idea where to start



#1
NAVYVET

I am trying to clean out my girlfriend's son's laptop. Every time I started it, it would get to the desktop and the screen would be flooded with boxes saying that Symantec was scanning email messages. So many, it would cover the screen. It wouldn't/won't allow me to download any kind of anti-virus or spyware removal tools. All I get is re-directed.

I made a Kaspersky anti virus bootable cd and ran that and it has made a HUGE difference. I was able to get to the desktop without the overload of Symantec blocks.

I then tried to install Avira Anti Virus. It goes through the install process and almost completes itself and then I get a setup error.
c:DOCUME~\THECHUC~1\LOCALS~!temp\RARsfxo\basic\setup.exe has been changed! Setup cannot continue.

Any app I have been able to install (and work) is because I downloaded it onto an external hard drive and then ran it from there on the laptop.

I was able to install spyware blaster and I updated it.

I installed SuperAntiSpyware BUT when I try to run it I get a "Super Anti Spyware Application has encountered a Problem and needs to close" error.

I installed ATF Cleaner and ran it with no problem. It deleted almost 98MB of trash.

I ran ROOTER with no problems.

I was able to install MalwareBytes BUT it won't run. I double click on the icon and I get nothing.
Spybot S&D is installed and it won't run as well. I double click and get nothing.

When I tried to search for and download any anti virus or spyware/malware tools it would redirect me to one of a hundred different pages. Then when I ran the Kaspersky bootable A/V cd it allowed me to search for and try to get to an A/V or Spyware page BUT the web page stays blank and eventually stops. No error, no screen, no nothing. Just a blank page in the browser. This happened when I tried to get to Kaspersky's online scanner as well. I couldn't get to it either from a Google search OR typing the URL in the URL Bar, blank page.

Edited by NAVYVET, 06 June 2009 - 09:20 AM.



#2
kahdah

Hello NAVYVET

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#3
NAVYVET

OTL logfile created on: 6/6/2009 12:30:23 PM - Run 1
OTL by OldTimer - Version 2.1.1.0
Folder = C:\Documents and Settings\THE Chuck\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.69% Memory free
2.60 Gb Paging File | 2.03 Gb Available in Paging File | 78.01% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.49 Gb Total Space | 16.59 Gb Free Space | 32.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREW
Current User Name: THE Chuck
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Internet Security\ISSVC.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\reader_s.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\THE Chuck\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccProxy [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ISSVC [Auto | Running]) -- C:\Program Files\Norton Internet Security\ISSVC.exe (Symantec Corporation)
SRV - (lavasoft ad-aware service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (navapsvc [Auto | Running]) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
SRV - (SAVScan [On_Demand | Stopped]) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (SBService [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation)
SRV - (SerialKeys [On_Demand | Stopped]) -- C:\WINDOWS\system32\skeys.exe (Microsoft Corporation)
SRV - (SNDSrvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (SymWSC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (2fbe2f99 [System | Stopped]) -- C:\WINDOWS\System32\drivers\2fbe2f99.sys ()
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Appdrv [On_Demand | Running]) -- C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (d38a41dc [System | Stopped]) -- C:\WINDOWS\System32\drivers\d38a41dc.sys ()
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070321.018\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070321.018\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Inc)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SAVRT [On_Demand | Running]) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (STAC97 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090506.001\symidsco.sys (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (w29n51 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\mozilla firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/05 21:21:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/05 19:14:54 | 00,000,000 | ---D | M]

[2009/06/05 21:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck Norris\Application Data\mozilla\Extensions
[2009/06/05 21:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck Norris\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/05 21:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck Norris\Application Data\mozilla\Firefox\Profiles\oo9nh9ph.default\extensions
[2005/12/30 12:27:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/05 19:14:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (178727 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 www.babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 www.did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 www.gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.kabex.com
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 www.miosearch.com
O1 - Hosts: 127.0.0.1 blue-elefant.com
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 6348 more lines...
O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (MyWay.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (C:\WINDOWS\system32\he73hf9d.dll) - {a6c7b2a1-00f3-42bd-f434-00aaba2c8953} - C:\WINDOWS\system32\he73hf9d.dll File not found
O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" File not found
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Framework Windows] frmwrk32.exe File not found
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup File not found
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [pp] C:\windows\pp10.exe ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)
O4 - HKLM..\Run: [sysldtray] C:\windows\ld08.exe ()
O4 - HKLM..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Andyman\winlogon.exe File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [reader_s] C:\Documents and Settings\THE Chuck Norris\reader_s.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunServices: [p2p networking] p2pnetworking.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinn...rabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} http://gamedownload....Plugin11USA.cab (ijjiPlugin2 Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {A6C7B2A1-00F3-42BD-F434-00AABA2C8953} - hasf8h3rfijfn98gf9iar - C:\WINDOWS\system32\he73hf9d.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\setup.exe -- [2008/04/13 20:12:34 | 00,043,520 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/06 12:28:44 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (sprecovr) - File not found
O34 - HKLM BootExecute: (\SystemRoot\sprecovr.txt) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/06/06 12:28:15 | 00,309,760 | ---- | C] () -- C:\j278wd7d.exe
[2009/06/06 12:26:49 | 00,524,288 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\THE Chuck\Desktop\OTL.exe
[2009/06/06 08:37:51 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2009/06/06 07:51:27 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\THE Chuck\Desktop\Spybot - Search & Destroy.lnk
[2009/06/06 07:46:03 | 00,001,614 | ---- | C] () -- C:\Documents and Settings\THE Chuck\Desktop\Mozilla Firefox.lnk
[2009/06/06 07:37:57 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/06 07:34:16 | 00,000,000 | ---D | C] -- C:\ATF Cleaner
[2009/06/06 07:30:10 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/06/06 07:22:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/06 07:16:52 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/06 07:16:51 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/06/06 07:16:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THE Chuck\Application Data\SUPERAntiSpyware.com
[2009/06/06 07:16:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/06/06 07:12:58 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\THE Chuck\Desktop\SpywareBlaster.lnk
[2009/06/06 07:12:57 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/06/05 21:29:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THE Chuck\Local Settings\Apps
[2009/06/05 21:23:16 | 30,075,904 | ---- | C] () -- C:\Documents and Settings\THE Chuck\Desktop\avira_antivir_personal_en.exe
[2009/06/05 21:23:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THE Chuck\Application Data\Adobe
[2009/06/05 21:21:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THE Chuck\Application Data\Mozilla
[2009/06/05 21:15:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\THE Chuck\Application Data\GTek
[2009/06/05 21:13:54 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\THE Chuck\Application Data\desktop.ini
[2009/06/05 21:13:52 | 00,001,298 | ---- | C] () -- C:\Documents and Settings\THE Chuck\Desktop\Media Center.lnk
[2009/06/05 21:13:50 | 00,000,087 | -HS- | C] () -- C:\Documents and Settings\THE Chuck\My Documents\desktop.ini
[2009/06/05 21:13:50 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\THE Chuck\Start Menu\Programs\Startup\desktop.ini
[2009/06/05 21:13:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\THE Chuck\Local Settings\desktop.ini
[2009/06/05 21:13:50 | 00,000,000 | --SD | C] -- C:\Documents and Settings\THE Chuck\Application Data\Microsoft
[2009/06/05 21:13:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\THE Chuck\My Documents\My Pictures
[2009/06/05 21:13:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\THE Chuck\My Documents\My Music
[2009/06/05 21:13:50 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\THE Chuck\Local Settings\Temporary Internet Files
[2009/06/05 21:13:50 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\THE Chuck\Local Settings\History
[2009/06/05 21:13:50 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\THE Chuck\Local Settings\Application Data
[2009/06/05 21:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THE Chuck\Local Settings\Temp
[2009/06/05 21:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THE Chuck\Application Data\Symantec
[2009/06/05 21:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THE Chuck\Application Data\Sun
[2009/06/05 21:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THE Chuck\Application Data\Macromedia
[2009/06/05 21:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THE Chuck\Application Data\Intel
[2009/06/05 21:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THE Chuck\Application Data\Identities
[2009/06/05 21:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THE Chuck\Application Data\AOL
[2009/06/05 20:49:09 | 21,468,93824 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/05 19:41:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/05 19:40:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/05 19:38:09 | 00,000,070 | -H-- | C] () -- C:\aaw7boot.cmd
[2009/06/05 19:14:55 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/05 19:05:31 | 00,037,888 | -H-- | C] () -- C:\WINDOWS\pp10.exe
[2009/05/19 22:02:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\2fbe2f99.sys
[2009/05/19 22:00:36 | 00,000,392 | ---- | C] () -- C:\WINDOWS\st_1242815320.exe
[2009/05/19 22:00:35 | 00,000,393 | ---- | C] () -- C:\WINDOWS\st_1242814738.exe
[2009/05/18 20:50:20 | 00,096,076 | ---- | C] () -- C:\WINDOWS\System32\drivers\784f0046.sys
[2009/05/18 20:29:42 | 00,036,352 | -H-- | C] () -- C:\WINDOWS\pp08.exe
[2009/05/18 20:15:21 | 00,096,076 | ---- | C] () -- C:\WINDOWS\System32\drivers\b7af2475.sys
[2009/05/18 20:04:59 | 00,039,936 | ---- | C] () -- C:\WINDOWS\st_1242699997.exe
[2009/05/18 19:35:08 | 00,096,076 | ---- | C] () -- C:\WINDOWS\System32\drivers\bdb38561.sys
[2009/05/18 19:24:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\790151
[2009/05/18 19:15:35 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/18 19:15:17 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/18 19:14:20 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/18 19:14:18 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/18 19:10:16 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/18 19:04:08 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/05/18 19:02:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\st_1242706221.exe
[2009/05/18 19:02:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\st_1242687791.exe
[2009/05/17 09:55:32 | 00,037,376 | ---- | C] () -- C:\WINDOWS\st_1242586998.exe
[2009/05/15 07:30:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\st_1242405488.exe
[2009/05/15 07:30:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\st_1242387062.exe
[2009/05/15 07:12:25 | 00,035,328 | -H-- | C] () -- C:\WINDOWS\pp06.exe
[2009/05/15 07:12:25 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/15 07:12:24 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\SYS32DLL.exe
[2009/05/15 07:12:24 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\t55ft3188f44.dat
[2009/05/15 07:12:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\796525
[2009/05/15 07:12:11 | 00,039,424 | -H-- | C] () -- C:\WINDOWS\ld08.exe
[2009/05/15 07:12:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\d38a41dc.sys
[2009/05/15 07:12:09 | 00,060,929 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reader_s.exe
[2009/05/15 07:11:56 | 00,000,002 | ---- | C] () -- C:\-125320776
[2009/05/15 07:11:51 | 00,004,785 | ---- | C] () -- C:\WINDOWS\System32\warning.gif
[2009/05/15 07:11:51 | 00,001,400 | ---- | C] () -- C:\WINDOWS\System32\ahtn.htm
[2009/05/15 07:11:45 | 00,125,440 | ---- | C] () -- C:\WINDOWS\System32\ntdll64.exe
[2009/05/15 07:11:43 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/08 17:40:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/05/08 07:08:07 | 00,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2009/05/08 07:01:16 | 00,001,887 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2009/05/08 07:01:16 | 00,001,887 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2009/03/08 16:40:55 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/03/08 16:40:53 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/11/05 10:18:44 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/06/12 23:52:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\MSVolume.dll
[2007/11/26 21:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/11/14 04:04:02 | 00,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/21 21:01:12 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/06 20:08:29 | 00,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2006/11/01 02:54:30 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/01 02:52:38 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/04/18 17:48:39 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D2EDFC40D0.sys
[2006/04/13 21:17:38 | 00,000,056 | ---- | C] () -- C:\WINDOWS\System32\D040FCEDD2.sys
[2006/04/13 21:17:37 | 00,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/30 23:18:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/15 23:08:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 23:01:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/15 22:51:14 | 00,000,402 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/15 22:17:38 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/12/15 22:16:50 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 06:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 06:18:43 | 00,000,546 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 06:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 16:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/11 11:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll

========== Files - Modified Within 30 Days ==========

[2009/06/06 12:28:15 | 00,309,760 | ---- | M] () -- C:\j278wd7d.exe
[2009/06/06 12:26:50 | 00,524,288 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THE Chuck\Desktop\OTL.exe
[2009/06/06 11:06:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/06 11:05:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/06 11:05:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\THE Chuck\Local Settings\desktop.ini
[2009/06/06 11:04:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/06 11:04:32 | 21,468,93824 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/06 07:51:27 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\THE Chuck\Desktop\Spybot - Search & Destroy.lnk
[2009/06/06 07:46:03 | 00,001,614 | ---- | M] () -- C:\Documents and Settings\THE Chuck\Desktop\Mozilla Firefox.lnk
[2009/06/06 07:16:52 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/06 07:12:58 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\THE Chuck\Desktop\SpywareBlaster.lnk
[2009/06/05 21:23:34 | 30,075,904 | ---- | M] () -- C:\Documents and Settings\THE Chuck\Desktop\avira_antivir_personal_en.exe
[2009/06/05 21:14:52 | 00,000,087 | -HS- | M] () -- C:\Documents and Settings\THE Chuck\My Documents\desktop.ini
[2009/06/05 21:05:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\d38a41dc.sys
[2009/06/05 21:05:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\2fbe2f99.sys
[2009/06/05 19:38:14 | 00,000,070 | -H-- | M] () -- C:\aaw7boot.cmd
[2009/06/05 19:14:55 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/05 19:05:31 | 00,037,888 | -H-- | M] () -- C:\WINDOWS\pp10.exe
[2009/05/19 22:02:01 | 00,000,002 | ---- | M] () -- C:\-125320776
[2009/05/19 22:00:36 | 00,000,392 | ---- | M] () -- C:\WINDOWS\st_1242815320.exe
[2009/05/19 22:00:35 | 00,000,393 | ---- | M] () -- C:\WINDOWS\st_1242814738.exe
[2009/05/19 21:39:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/18 21:18:52 | 00,096,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\784f0046.sys
[2009/05/18 21:04:00 | 00,036,352 | -H-- | M] () -- C:\WINDOWS\pp08.exe
[2009/05/18 20:50:26 | 00,001,400 | ---- | M] () -- C:\WINDOWS\System32\ahtn.htm
[2009/05/18 20:50:24 | 00,004,785 | ---- | M] () -- C:\WINDOWS\System32\warning.gif
[2009/05/18 20:50:02 | 00,125,440 | ---- | M] () -- C:\WINDOWS\System32\ntdll64.exe
[2009/05/18 20:32:06 | 00,096,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\b7af2475.sys
[2009/05/18 20:04:59 | 00,039,936 | ---- | M] () -- C:\WINDOWS\st_1242699997.exe
[2009/05/18 19:38:38 | 00,096,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\bdb38561.sys
[2009/05/18 19:15:35 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/18 19:14:18 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/18 19:04:08 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/05/18 19:04:08 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/05/18 19:02:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\st_1242706221.exe
[2009/05/18 19:02:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\st_1242687791.exe
[2009/05/17 09:55:32 | 00,037,376 | ---- | M] () -- C:\WINDOWS\st_1242586998.exe
[2009/05/15 07:30:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\st_1242405488.exe
[2009/05/15 07:30:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\st_1242387062.exe
[2009/05/15 07:12:25 | 00,035,328 | -H-- | M] () -- C:\WINDOWS\pp06.exe
[2009/05/15 07:12:25 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/15 07:12:24 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\t55ft3188f44.dat
[2009/05/15 07:12:23 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\SYS32DLL.exe
[2009/05/15 07:12:11 | 00,039,424 | -H-- | M] () -- C:\WINDOWS\ld08.exe
[2009/05/15 07:12:09 | 00,060,929 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reader_s.exe
[2009/05/15 07:11:43 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/08 20:00:00 | 00,000,552 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Andyman.job
[2009/05/08 15:45:09 | 00,001,887 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2009/05/08 15:45:09 | 00,001,887 | ---- | M] () -- C:\WINDOWS\diagerr.xml

========== LOP Check ==========

[2009/06/06 08:52:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/16 00:22:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/18 19:14:20 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/08 17:32:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/11/13 08:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2005/12/30 23:19:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/07/03 20:27:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/10/30 23:14:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/26 15:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/05/03 11:06:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/03/02 10:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/01/22 08:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/03/18 13:30:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2007/05/29 00:26:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/01/13 07:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2007/07/07 07:22:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2005/12/15 22:57:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2005/12/15 22:51:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2005/12/15 22:41:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2005/12/15 22:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/06/12 22:28:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2007/01/20 01:02:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2009/03/09 16:39:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/03/18 19:14:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/11/17 23:18:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Games
[2007/09/07 16:33:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/12/27 10:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2005/12/15 22:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/06/06 07:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/01/22 09:04:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2005/12/15 22:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/06/06 11:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/07/25 13:28:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/06/11 20:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/06/06 07:16:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\THE Chuck\Application Data
[2009/06/05 21:23:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck\Application Data\Adobe
[2005/12/30 23:19:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck\Application Data\AOL
[2009/06/05 21:15:09 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\THE Chuck\Application Data\GTek
[2005/08/16 06:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck\Application Data\Identities
[2005/12/15 22:41:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck\Application Data\Intel
[2005/12/15 23:02:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck\Application Data\Macromedia
[2005/12/15 22:40:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\THE Chuck\Application Data\Microsoft
[2009/06/05 21:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck\Application Data\Mozilla
[2005/12/15 22:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck\Application Data\Sun
[2009/06/06 07:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck\Application Data\SUPERAntiSpyware.com
[2005/12/15 22:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THE Chuck\Application Data\Symantec
[2009/05/18 19:15:35 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/05/19 21:39:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/08 20:00:00 | 00,000,552 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Andyman.job
[2009/06/06 11:05:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 346 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

OTL Extras logfile created on: 6/6/2009 12:30:23 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\THE Chuck\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.69% Memory free
2.60 Gb Paging File | 2.03 Gb Available in Paging File | 78.01% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.49 Gb Total Space | 16.59 Gb Free Space | 32.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREW
Current User Name: THE Chuck
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"80:TCP" = 80:TCP:*:Enabled:SYS32DLL
"7171:TCP" = 7171:TCP:*:Enabled:SYS32DLL

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 File not found
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA File not found
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 File not found
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable File not found
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3B29A786-5803-4e9e-9B58-3014A5B4E519}" = Norton AntiSpam
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D8F6834B-D5E7-4451-8681-B051ABD8561D}" = ccCommon
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"erunt_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"mozilla firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"xvid" = XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/6/2009 7:11:02 AM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/6/2009 7:17:05 AM | Computer Name = ANDREW | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.26.0.1004, faulting
module superantispyware.exe, version 4.26.0.1004, fault address 0x0008a7a3.

Error - 6/6/2009 7:17:15 AM | Computer Name = ANDREW | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.26.0.1004, faulting
module superantispyware.exe, version 4.26.0.1004, fault address 0x0008a7a3.

Error - 6/6/2009 7:17:34 AM | Computer Name = ANDREW | Source = Application Error | ID = 1001
Description = Fault bucket 1292266010.

Error - 6/6/2009 7:19:45 AM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/6/2009 7:19:45 AM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/6/2009 7:31:44 AM | Computer Name = ANDREW | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.26.0.1004, faulting
module superantispyware.exe, version 4.26.0.1004, fault address 0x0008a7a3.

Error - 6/6/2009 7:33:14 AM | Computer Name = ANDREW | Source = Application Error | ID = 1001
Description = Fault bucket 1292266010.

Error - 6/6/2009 7:49:16 AM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/6/2009 7:49:16 AM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 6/5/2009 9:14:30 PM | Computer Name = ANDREW | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 6/5/2009 9:15:35 PM | Computer Name = ANDREW | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 6/5/2009 9:18:52 PM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/6/2009 7:05:47 AM | Computer Name = ANDREW_AHLQUIST | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Intuit Internal Printer share
name Printer.

Error - 6/6/2009 7:05:48 AM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 6/6/2009 7:06:07 AM | Computer Name = ANDREW | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 6/6/2009 7:10:49 AM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SymWSC service.

Error - 6/6/2009 7:10:58 AM | Computer Name = ANDREW | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 6/6/2009 8:41:44 AM | Computer Name = ANDREW | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/6/2009 8:41:44 AM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2


< End of report >

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, you mentioned that you ran the Kaspersky bootable CD. Did it find anything called Virut?

#5
NAVYVET

    Member

  • Topic Starter
  • Member
  • 18 posts
As far as Kaspersky finding Virut, I don't believe so but I couldn't be positive.

Edited by NAVYVET, 06 June 2009 - 05:08 PM.

#6
NAVYVET

    Member

  • Topic Starter
  • Member
  • 18 posts
It tells me there is too much information so I will have to break it up.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-06 16:56:52
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

INT 0x62 ? 8A5D7BF8
INT 0x63 ? 8A4D5F00
INT 0x82 ? 8A5D7BF8
INT 0x83 ? 8A4D5F00
INT 0x83 ? 8A4D5F00
INT 0xB4 ? 8A4D5F00
INT 0xB4 ? 8A4D5F00

Code 8A23C240 ZwEnumerateKey
Code 8A0D5200 ZwFlushInstructionCache
Code 8A39FEBE IofCallDriver
Code 8A39F61E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 8A39FEC3
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 8A39F623
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 8A0D5204
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 8A23C244
? spwe.sys The system cannot find the file specified. !
.reloc C:\WINDOWS\system32\drivers\NDIS.sys section is executable [0x8A479200, 0x32AAA, 0xE0000060]
.text USBPORT.SYS!DllUnload B9AF38AC 5 Bytes JMP 8A4D54E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[180] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[180] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[180] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[180] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[180] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[180] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[180] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0064000A
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[180] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0065000A
.text C:\WINDOWS\eHome\ehmsas.exe[204] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\eHome\ehmsas.exe[204] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\eHome\ehmsas.exe[204] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\eHome\ehmsas.exe[204] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\eHome\ehmsas.exe[204] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\eHome\ehmsas.exe[204] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\eHome\ehmsas.exe[204] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0087000A
.text C:\WINDOWS\eHome\ehmsas.exe[204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[284] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[284] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[540] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[540] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[540] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[540] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[540] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[540] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[540] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006C000A
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[540] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006D000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[584] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[584] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[584] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[584] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[584] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006D000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[584] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0071000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[636] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\cisvc.exe[680] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\cisvc.exe[680] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\cisvc.exe[680] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\cisvc.exe[680] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\cisvc.exe[680] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\cisvc.exe[680] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\cisvc.exe[680] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\cisvc.exe[680] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[684] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[684] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[684] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[684] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[684] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[684] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008B000A
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[684] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\Ati2evxx.exe[692] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\WINDOWS\Explorer.EXE[784] Explorer.EXE 0101A57C 4 Bytes [FF, 15, 1C, 11]
.text C:\WINDOWS\Explorer.EXE[784] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44C09, 0xE0000060]
.reloc C:\WINDOWS\Explorer.EXE[784] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x8800, 0xE0000040]
.text C:\WINDOWS\Explorer.EXE[784] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\Explorer.EXE[784] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\Explorer.EXE[784] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\Explorer.EXE[784] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\Explorer.EXE[784] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\Explorer.EXE[784] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\Explorer.EXE[784] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[784] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\services.exe[936] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\services.exe[936] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF94807
.text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF94814
.text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF94A8E
.text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF94855
.text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\lsass.exe[960] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1128] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\Ati2evxx.exe[1128] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\Ati2evxx.exe[1128] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\Ati2evxx.exe[1128] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\Ati2evxx.exe[1128] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\Ati2evxx.exe[1128] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\Ati2evxx.exe[1128] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1128] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[1164] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1164] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1268] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1268] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1268] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1268] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1268] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1268] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1268] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007F000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1268] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1312] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\System32\svchost.exe[1356] C:\WINDOWS\System32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[1356] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1456] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1456] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1568] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[1568] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\ctfmon.exe[1632] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\WINDOWS\eHome\ehRecvr.exe[1652] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\eHome\ehRecvr.exe[1652] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\eHome\ehRecvr.exe[1652] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\eHome\ehRecvr.exe[1652] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\eHome\ehRecvr.exe[1652] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\eHome\ehRecvr.exe[1652] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\eHome\ehRecvr.exe[1652] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0062000A
.text C:\WINDOWS\eHome\ehRecvr.exe[1652] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0063000A
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1772] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1772] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1772] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1772] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1772] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1772] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1772] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1772] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0094000A
.text C:\WINDOWS\System32\bcmwltry.exe[1788] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\bcmwltry.exe[1788] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\bcmwltry.exe[1788] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\bcmwltry.exe[1788] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\bcmwltry.exe[1788] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\bcmwltry.exe[1788] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\System32\bcmwltry.exe[1788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D8000A
.text C:\WINDOWS\System32\bcmwltry.exe[1788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D9000A
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1808] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1808] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1808] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1808] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1808] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1808] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1808] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008E000A
.text C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[1808] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008F000A
.text C:\WINDOWS\eHome\ehSched.exe[1844] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\eHome\ehSched.exe[1844] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\eHome\ehSched.exe[1844] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\eHome\ehSched.exe[1844] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\eHome\ehSched.exe[1844] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\eHome\ehSched.exe[1844] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\eHome\ehSched.exe[1844] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0060000A
.text C:\WINDOWS\eHome\ehSched.exe[1844] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0061000A
.text C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0098000A
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1872] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1872] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1872] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1872] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1872] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1872] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1872] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006F000A
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[1872] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0071000A
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1932] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1932] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1932] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1932] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1932] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1932] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1932] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006F000A
.text C:\Program Files\Norton Internet Security\ISSVC.exe[1932] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0070000A
.text C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe[2012] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe[2012] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe[2012] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe[2012] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe[2012] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe[2012] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe[2012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0071000A
.text C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe[2012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0072000A
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[2088] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[2088] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[2088] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[2088] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[2088] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[2088] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[2088] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0083000A
.text C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe[2088] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0084000A
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[2172] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[2172] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[2172] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[2172] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[2172] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[2172] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[2172] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009D000A
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[2172] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009E000A
.text C:\Program Files\Apoint\Apntex.exe[2296] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Apoint\Apntex.exe[2296] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Apoint\Apntex.exe[2296] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Apoint\Apntex.exe[2296] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Apoint\Apntex.exe[2296] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Apoint\Apntex.exe[2296] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Apoint\Apntex.exe[2296] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes JMP 0092000A
.text C:\Program Files\Apoint\Apntex.exe[2296] ntdll.dll!LdrLoadDll + 4 7C9163C7 1 Byte [84]
.text C:\Program Files\Apoint\Apntex.exe[2296] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[2328] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[2328] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[2328] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[2328] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[2328] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[2328] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[2328] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[2328] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[2344] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[2344] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[2344] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[2344] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[2344] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[2344] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[2344] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[2344] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2364] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2364] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2364] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2364] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2364] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2364] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2364] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009E000A
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2364] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009F000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2408] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2408] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2408] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2408] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2408] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2408] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2408] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0093000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2408] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0094000A
.text C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe[2468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe[2468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe[2468] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe[2468] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe[2468] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe[2468] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe[2468] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B5000A
.text C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe[2468] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B6000A
.text C:\WINDOWS\ehome\mcrdsvc.exe[2488] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\ehome\mcrdsvc.exe[2488] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\ehome\mcrdsvc.exe[2488] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\ehome\mcrdsvc.exe[2488] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\ehome\mcrdsvc.exe[2488] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\ehome\mcrdsvc.exe[2488] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\ehome\mcrdsvc.exe[2488] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0060000A
.text C:\WINDOWS\ehome\mcrdsvc.exe[2488] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0061000A
.text C:\j278wd7d.exe[2504] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\j278wd7d.exe[2504] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\j278wd7d.exe[2504] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\j278wd7d.exe[2504] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\j278wd7d.exe[2504] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\j278wd7d.exe[2504] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\j278wd7d.exe[2504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009E000A
.text C:\j278wd7d.exe[2504] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009F000A
.text C:\WINDOWS\System32\alg.exe[2564] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\alg.exe[2564] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\alg.exe[2564] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\alg.exe[2564] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\alg.exe[2564] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\alg.exe[2564] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\System32\alg.exe[2564] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\alg.exe[2564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0070000A
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2668] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2668] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2668] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2668] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2668] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2668] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2668] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0070000A
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe[2668] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0072000A
.text C:\WINDOWS\System32\reader_s.exe[2952] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\reader_s.exe[2952] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\reader_s.exe[2952] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\reader_s.exe[2952] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\reader_s.exe[2952] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\reader_s.exe[2952] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\System32\reader_s.exe[2952] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\reader_s.exe[2952] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0094000A
.text C:\WINDOWS\system32\WLTRAY.exe[2960] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\WLTRAY.exe[2960] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\WLTRAY.exe[2960] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\WLTRAY.exe[2960] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\WLTRAY.exe[2960] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\WLTRAY.exe[2960] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\WLTRAY.exe[2960] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B4000A
.text C:\WINDOWS\system32\WLTRAY.exe[2960] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B5000A
.text C:\Program Files\iTunes\iTunesHelper.exe[3028] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\iTunes\iTunesHelper.exe[3028] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\iTunes\iTunesHelper.exe[3028] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\iTunes\iTunesHelper.exe[3028] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\iTunes\iTunesHelper.exe[3028] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\iTunes\iTunesHelper.exe[3028] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\iTunes\iTunesHelper.exe[3028] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BB000A
.text C:\Program Files\iTunes\iTunesHelper.exe[3028] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BC000A
? C:\WINDOWS\System32\svchost.exe[3212] number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3212] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[3212] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[3212] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[3212] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[3212] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[3212] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[3212] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[3212] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
? C:\WINDOWS\System32\svchost.exe[3220] number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3220] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[3220] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[3220] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[3220] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[3220] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[3220] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[3220] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[3220] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
? C:\WINDOWS\System32\svchost.exe[3248] number of sections mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3248] C:\WINDOWS\System32\svchost.exe section is writeable [0x00401000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[3248] C:\WINDOWS\System32\svchost.exe section is executable [0x00405000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\ehome\ehtray.exe[3268] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\ehome\ehtray.exe[3268] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\ehome\ehtray.exe[3268] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\ehome\ehtray.exe[3268] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\ehome\ehtray.exe[3268] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\ehome\ehtray.exe[3268] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\ehome\ehtray.exe[3268] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A8000A
.text C:\WINDOWS\ehome\ehtray.exe[3268] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A9000A
.text C:\Program Files\Apoint\Apoint.exe[3972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Apoint\Apoint.exe[3972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Apoint\Apoint.exe[3972] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Apoint\Apoint.exe[3972] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Apoint\Apoint.exe[3972] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Apoint\Apoint.exe[3972] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Apoint\Apoint.exe[3972] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Program Files\Apoint\Apoint.exe[3972] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3984] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3984] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3984] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3984] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3984] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3984] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3984] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3984] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\cidaemon.exe[4176] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\cidaemon.exe[4176] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\cidaemon.exe[4176] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\cidaemon.exe[4176] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\cidaemon.exe[4176] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\cidaemon.exe[4176] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\cidaemon.exe[4176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\cidaemon.exe[4176] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4276] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4276] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4276] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4276] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4276] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DB000A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4276] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DC000A
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe[4400] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe[4400] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe[4400] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe[4400] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe[4400] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe[4400] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe[4400] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe[4400] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\Program Files\Digital Line Detect\DLG.exe[4584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Digital Line Detect\DLG.exe[4584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Digital Line Detect\DLG.exe[4584] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Digital Line Detect\DLG.exe[4584] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Digital Line Detect\DLG.exe[4584] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Digital Line Detect\DLG.exe[4584] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Digital Line Detect\DLG.exe[4584] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A4000A
.text C:\Program Files\Digital Line Detect\DLG.exe[4584] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A5000A
.text C:\Documents and Settings\THE Chuck Norris\Desktop\OTL.exe[4792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Documents and Settings\THE Chuck Norris\Desktop\OTL.exe[4792] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Documents and Settings\THE Chuck Norris\Desktop\OTL.exe[4792] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Documents and Settings\THE Chuck Norris\Desktop\OTL.exe[4792] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Documents and Settings\THE Chuck Norris\Desktop\OTL.exe[4792] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Documents and Settings\THE Chuck Norris\Desktop\OTL.exe[4792] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Documents and Settings\THE Chuck Norris\Desktop\OTL.exe[4792] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AE000A
.text C:\Documents and Settings\THE Chuck Norris\Desktop\OTL.exe[4792] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AF000A
.text C:\WINDOWS\System32\svchost.exe[4872] C:\WINDOWS\System32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\System32\svchost.exe[4872] C:\WINDOWS\System32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\System32\svchost.exe[4872] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\svchost.exe[4872] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\svchost.exe[4872] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\svchost.exe[4872] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\svchost.exe[4872] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\svchost.exe[4872] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00E9000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00EAF9F0 \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EB0A60 \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00EB08A0 \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EB0780 \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00EAFDA0 \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[5104] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EAFFD0 \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5568] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\iPod\bin\iPodService.exe[5568] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\iPod\bin\iPodService.exe[5568] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\iPod\bin\iPodService.exe[5568] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\iPod\bin\iPodService.exe[5568] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\iPod\bin\iPodService.exe[5568] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\iPod\bin\iPodService.exe[5568] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0075000A
.text C:\Program Files\iPod\bin\iPodService.exe[5568] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0076000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spwe.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spwe.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spwe.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spwe.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spwe.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spwe.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 04C25EC6
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 9C01C700
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] E90043CB
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFFFAE
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] C7F18B56
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 43CB9C06
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FFA0E800
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 44F6FFFF
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 74010824
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] CCE85607
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 590001D2
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C25EC68B
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 046A0004
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 436A7DB8
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 1E4CE800
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F18B0002
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8BF07589
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 0001CEC7
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00FC6583
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 570CC783
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] C70C4E8D
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 43CB9006
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 1CC2E800
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C68B0000
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 021EF9E8
IAT C:\WINDOWS\System32\svchost.exe[3248] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0004C200

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5D61F8

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\NDIS \Device\Ndis [8A480984] NDIS.sys[.reloc]

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\NetBT \Device\NetBT_Tcpip_{832A6E0F-370E-4FA6-90B1-A60C04E1FD73} 89F541F8
Device \Driver\usbuhci \Device\USBPDO-0 8A453500
Device \Driver\usbuhci \Device\USBPDO-1 8A453500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5691F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5691F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5691F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5691F8
Device \Driver\usbuhci \Device\USBPDO-2 8A453500
Device \Driver\usbuhci \Device\USBPDO-3 8A453500
Device \Driver\usbehci \Device\USBPDO-4 8A452500

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5D81F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5D81F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5D81F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89F541F8
Device \Driver\NetBT \Device\NetbiosSmb 89F541F8

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8A453500
Device \Driver\NetBT \Device\NetBT_Tcpip_{8BE49F89-66C9-46DE-A962-50677E49F8A5} 89F541F8
Device \Driver\usbuhci \Device\USBFDO-1 8A453500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89F201F8
Device \Driver\usbuhci \Device\USBFDO-2 8A453500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89F201F8
Device \Driver\usbuhci \Device\USBFDO-3 8A453500
Device \Driver\usbehci \Device\USBFDO-4 8A452500
Device \Driver\Ftdisk \Device\FtControl 8A5D81F8
Device \FileSystem\Fastfat \Fat 89F1B500
Device \FileSystem\Fastfat \Fat B3037297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Cdfs \Cdfs 89F441F8

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [284] 0x00A00000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1164] 0x00A00000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1312] 0x00A00000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1356] 0x00A00000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1456] 0x00A00000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1568] 0x00A00000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2328] 0x00A00000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2344] 0x00A00000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3212] 0x00B10000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3220] 0x00B10000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3248] 0x00B10000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [4872] 0x00A00000
Library \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [5104] 0x00EA0000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACpjnridwydroruow.sys (*** hidden *** ) [SYSTEM] uacd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x02 0x9F 0xB4 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys@imagepath \systemroot\system32\drivers\UACpjnridwydroruow.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACpjnridwydroruow.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACimrdbbgomqfulhy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACnsiuaqpwhlnusel.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACtgskwkadqlrklkc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACoqqvpxuiqjkcdot.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACeoegrerlydaaiva.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACgqpxxfmyhxudauw.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACgyjhxwulirtktqb.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACcbmxbhpaoshjnqx.log
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x02 0x9F 0xB4 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys@imagepath \systemroot\system32\drivers\UACpjnridwydroruow.sys
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACpjnridwydroruow.sys
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACimrdbbgomqfulhy.dll
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACnsiuaqpwhlnusel.dat
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACtgskwkadqlrklkc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACoqqvpxuiqjkcdot.dll
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACeoegrerlydaaiva.dll
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAConotskuobtdfmpq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACgqpxxfmyhxudauw.log
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACgyjhxwulirtktqb.log
Reg HKLM\SYSTEM\ControlSet002\Services\uacd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACcbmxbhpaoshjnqx.log
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

#7
NAVYVET
  • Topic Starter
  • Member
  • 18 posts
---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Andyman\Local Settings\Temp\CC110.tmp 3765 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1104.tmp 18622 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\smss.exe 37387 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\SPORE - Creepy & Cute [Big-Hair] [mininova].torrent 15646 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Spore-RELOADED [mininova].torrent 20781 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Spore-RELOADED_[www.NewTorrents.info].torrent 20922 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Spore.iso___Crack_And_Serial___(100__Working).4714560.TPB.torrent 20733 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF12D3.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF2F32.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF31B9.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF3453.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF361A.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF3802.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF3CA6.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF4117.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF4E41.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF548B.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF5F96.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF5FAD.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DF6D81.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DFB6AE.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DFC04B.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~DFDD5F.tmp 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\~syst 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\login.exe 37387 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\neoodep.exe 15001 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\notepad.exe 37387 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\s8s38jf94kg.exe 15000 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\Serj_Tankian_-_Elect_the_Dead.4257004.TPB.torrent 7735 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\services.exe 37387 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\set1CE.tmp 121064 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\set2.tmp 121064 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\set3.tmp 121064 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\set42A.tmp 121064 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2} 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1} 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\0x2ec02d4c.exe 421888 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\dialog1.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\dialog2.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\dialog3.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\dialog4.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\dialog5.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\dialog6.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\dialog7.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\dialog8.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\license.txt 20588 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{B9273671-638E-4A25-87C6-6A867DEB84B2}\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\msvcr71.dll 348160 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\etilqs_5r2CWxtynWFL8x7cSxaJ 20500 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\etilqs_F9c6hhVnSU1C6dWq8lW7 28700 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\etilqs_HXCqbKysOdpe1xJGJHXf 1024 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\etilqs_HXCqbKysOdpe1xJGJHXf-journal 1544 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\etilqs_ld5WWSQAZWochBm8VOVy 4 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\etilqs_MGk4hzyMBkSTevTmGkHz 28700 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\etilqs_OvhgYJLBG9g5VKqj1umD 49200 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\etilqs_rK2eDMKGNcVEgrE9ByYD 24600 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\etilqs_T4QBZNCU0mMZ7CjoHJi7 16400 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\etilqs_ZyoHtNSrG50lYgoc9jtE 28700 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\external.txt 6161 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\winlogon.exe 16389 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\WPDNSE 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\xzqerq.exe 15001 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\[isoHunt] Spore-RELOADED.torrent 21413 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\[isoHunt] Spore.iso.4538927.TPB.torrent 20675 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\[isoHunt] Spore.iso___Crack_And_Serial___(100__Working).4714560.TPB.torrent 21069 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\[isoHunt] Spore.Update.1.02.Cracked-BAT.torrent 18745 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\[isoHunt] Spore__Creepy___Cute_Parts(EA)_(Multi)_[L]_[Strategy].4611878.TPB.torrent 16812 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC} 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101} 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\dialog1.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\dialog2.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\dialog3.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\dialog4.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\dialog5.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\dialog6.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\dialog7.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\dialog8.bmp 205976 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\GameuxInstallHelper.dll 78184 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\isrtp32.dll 29696 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\license.txt 24013 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\patchw32.dll 202240 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\{0E09D243-10DE-4B12-A1B2-3E377ABF07AC}\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\readme.txt 15667 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\taskmgr.exe 37387 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\1KIWIGYB 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\1KIWIGYB\btn96x22set[1] 2962 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\1KIWIGYB\desktop.ini 67 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\1KIWIGYB\NewStatus[1] 64719 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\1KIWIGYB\spacer[1] 67 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\1KIWIGYB\SymButton[1] 3472 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\1KIWIGYB\warning[1].gif 4785 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\1KIWIGYB\xmlStrings[1] 18864 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\4SMQTLCS 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\4SMQTLCS\10036[1] 23204 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\4SMQTLCS\desktop.ini 67 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\4SMQTLCS\resource[1] 13683 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\4SMQTLCS\statusHints[1] 362 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\4SMQTLCS\statusTabBgTop[1] 294 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\4SMQTLCS\warning_wht[1] 1040 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5AAQ20J 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5AAQ20J\check_wht[1] 1214 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5AAQ20J\desktop.ini 67 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5AAQ20J\shared[1] 29251 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5AAQ20J\statusTabBg[1] 322 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5AAQ20J\urgent_wht[1] 1210 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\A5AAQ20J\winlogon[1].htm 1400 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\DHPOHQ08 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\DHPOHQ08\BackgroundWarning[1] 14011 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\DHPOHQ08\desktop.ini 67 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\DHPOHQ08\lsp[1].exe 104960 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\DHPOHQ08\nis2005[1] 3140 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\DHPOHQ08\SecurityCheck[1] 714 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\DHPOHQ08\statusTabBgBottom[1] 289 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\DHPOHQ08\statusTabSeparator[1] 854 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat 32768 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\TWAIN.LOG 695 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Twain001.Mtx 3 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Twunk001.MTX 156 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\UAC29a1.tmp 73728 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\UAC29b1.tmp 343040 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\UAC783b.tmp 343040 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\UACe1a.tmp 73728 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\UACe2a.tmp 343040 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\visual_effects_k1.7z 247446 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\VP6.reg 340 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\VP6Install.exe 26176 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\svchost.exe 37387 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\system_of_a_down_discography.4812817.TPB-1.torrent 19234 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\system_of_a_down_discography.4812817.TPB.torrent 19234 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\536974020.exe 37383 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\537599020.exe 37383 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\727029283.exe 182273 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\7zS66D.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\8.tmp 146432 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\863.exe 32256 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\9.tmp 146432 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCDC5.tmp 18574 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCDCB.tmp 7538 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCDCE.tmp 7564 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC8DB.tmp 5838 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC8E4.tmp 3748 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC9.tmp 2315 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC9AE.tmp 18573 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC9AF.tmp 18552 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC9B0.tmp 18558 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC9B1.tmp 7535 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA7C.tmp 18596 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA9.tmp 18615 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA97.tmp 2904 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA98.tmp 3187 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA9D.tmp 18562 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC932.tmp 3693 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC933.tmp 3694 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC934.tmp 3753 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC939.tmp 18577 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC93C.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC941.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC945.tmp 5887 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC947.tmp 5885 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC948.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC949.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC94A.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC94B.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC94C.tmp 5922 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC94E.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC94F.tmp 5870 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC950.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC953.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC954.tmp 7587 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC955.tmp 7595 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC956.tmp 7632 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC959.tmp 7576 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC95C.tmp 1827 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC95E.tmp 18546 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC95F.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC960.tmp 5861 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC9BE.tmp 18602 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC9C3.tmp 18546 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA.tmp 2288 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA0.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA22.tmp 7531 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA3.tmp 7567 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA31.tmp 7571 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA4.tmp 7628 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA45.tmp 5869 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA47.tmp 9452 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC8D.tmp 7561 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC90.tmp 7594 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC931.tmp 7589 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC94D.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC961.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC982.tmp 7549 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC995.tmp 18575 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC9A8.tmp 18644 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC9B4.tmp 18575 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC9C7.tmp 18558 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA5.tmp 7542 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA76.tmp 7584 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCA9F.tmp 5927 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCAB3.tmp 18607 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCACC.tmp 2951 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB2.tmp 7565 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB52.tmp 5886 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB6C.tmp 18563 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCC89.tmp 18549 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCC8A.tmp 18561 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCA0.tmp 9474 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCA9.tmp 9470 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCB9.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCBA.tmp 9454 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCBB.tmp 9456 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCC2.tmp 7535 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCC3.tmp 7559 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCC4.tmp 18557 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCC5.tmp 18528 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCC6.tmp 7565 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCC7.tmp 18624 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCCC8.tmp 7615 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB22.tmp 18582 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB27.tmp 18559 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB3.tmp 7526 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB44.tmp 7599 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB45.tmp 1843 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB5F.tmp 5959 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB6.tmp 7607 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB6A.tmp 18557 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CCB6B.tmp 18588 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\amt.log 32373 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\setB.tmp 121064 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\000002A0 117571584 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\100006AF.tok 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\100006B5.tok 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\100006B7.data 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\100006B8.tok 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\100006B9.data 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\100006BA.data 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\1000074E.tok 992 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\1000074F.data 2119 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\dn23B.tmp 58487182 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\First15.exe 1453843 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\Cookies 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\Cookies\index.dat 16384 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\dan13_dorak.zip 17968 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC11C0.tmp 9466 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC11C2.tmp 9454 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC11C5.tmp 9465 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC11CD.tmp 2938 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC11E.tmp 7622 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC11E5.tmp 18559 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC12.tmp 2353 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1201.tmp 9445 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1204.tmp 9475 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1233.tmp 18595 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1237.tmp 18549 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1238.tmp 18574 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC123A.tmp 18573 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC123B.tmp 18576 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC123D.tmp 18595 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC123E.tmp 18600 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1243.tmp 18572 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1244.tmp 18567 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1245.tmp 18551 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1246.tmp 18519 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1255.tmp 18535 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1256.tmp 18588 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC126.tmp 7575 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1271.tmp 9486 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1272.tmp 18552 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC12A.tmp 7555 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC12A0.tmp 18551 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC12A1.tmp 9459 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC12AC.tmp 9464 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC12B.tmp 3742 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC12D.tmp 3762 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC12DB.tmp 18554 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC12F0.tmp 18567 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC132A.tmp 18567 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC132D.tmp 18573 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1332.tmp 18603 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC13B0.tmp 9466 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC13B1.tmp 18659 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC2C2.tmp 7631 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC2D5.tmp 7574 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC2E2.tmp 18586 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC2FA.tmp 3746 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC31.tmp 2286 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC320.tmp 7637 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC33.tmp 2317 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC36.tmp 2268 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC395.tmp 7559 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC3AD.tmp 3766 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC3B7.tmp 3753 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC3D4.tmp 7555 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC3E2.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC4.tmp 2333 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC407.tmp 18574 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC49.tmp 18524 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC4C6.tmp 18590 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1647.tmp 18531 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1648.tmp 18567 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1649.tmp 18545 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC164A.tmp 18558 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC164B.tmp 18581 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC164C.tmp 18614 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC164D.tmp 18561 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC164E.tmp 18594 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1651.tmp 18646 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1656.tmp 18620 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC16A6.tmp 18634 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC16B0.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC16B2.tmp 0 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC168.tmp 18561 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1683.tmp 18612 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1689.tmp 18608 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC172A.tmp 18564 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC172E.tmp 18544 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1730.tmp 18555 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1739.tmp 18553 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC173A.tmp 18608 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC173B.tmp 18590 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC173C.tmp 18549 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1743.tmp 18666 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1744.tmp 18603 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1745.tmp 18548 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1748.tmp 18516 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC143B.tmp 18625 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1440.tmp 18594 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1441.tmp 18538 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1442.tmp 18551 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC144A.tmp 18565 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC16BB.tmp 9461 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC16C8.tmp 18556 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC16E2.tmp 9483 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC16E5.tmp 9449 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC16EE.tmp 9423 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC16F1.tmp 9466 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC16F4.tmp 9486 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC17.tmp 2346 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1705.tmp 9452 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC170E.tmp 9484 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1714.tmp 9443 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC15.tmp 2290 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1547.tmp 18529 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1548.tmp 18587 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC15D7.tmp 18576 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1753.tmp 18673 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1755.tmp 18651 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1759.tmp 18592 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC175A.tmp 18551 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1767.tmp 9475 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC176E.tmp 18566 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC176F.tmp 18667 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1770.tmp 9430 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1777.tmp 18536 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1778.tmp 18546 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1779.tmp 9446 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC177A.tmp 9448 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC177D.tmp 18612 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC177E.tmp 18557 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1783.tmp 18613 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC146A.tmp 18582 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1477.tmp 18630 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1785.tmp 9470 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1786.tmp 18563 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1787.tmp 9438 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC178A.tmp 18593 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC178D.tmp 18627 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1790.tmp 9454 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1791.tmp 9461 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1796.tmp 18525 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC1799.tmp 9481 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC17AA.tmp 18545 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC17AB.tmp 18565 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC17AC.tmp 18517 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC17B3.tmp 18550 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC17B4.tmp 18566 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC17B5.tmp 18544 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC17B6.tmp 18568 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC17B7.tmp 18624 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC17B8.tmp 9467 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\CC17BB.tmp 18586 bytes
File C:\Documents and Settings\Andyman\Local Settings\Temp\17F.tmp 146432 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\1AE.tmp 146432 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\2165994224.exe 182273 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\2428930744.exe 182273 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\3081131713.exe 182273 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\3172226644.exe 182273 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\3172539144.exe 20481 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\3174101644.exe 20481 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\3175910395.exe 182273 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\3206273434.exe 182273 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\3882804290.exe 182273 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\3911148348.exe 182273 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\399.exe 51200 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\3999068830.exe 182273 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\422.tmp 146432 bytes executable
File C:\Documents and Settings\Andyman\Local Settings\Temp\43gcjvgahnu44.ths 487424 bytes executable
File C:\i386\symndis.sys (size mismatch) 47192/182656 bytes executable
File C:\i386\ndis.sys (size mismatch) 182912/182656 bytes executable
File C:\WINDOWS\system32\drivers\UACpjnridwydroruow.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\drivers\UACpxtewbchevputxy.sys 52224 bytes executable
File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 212224/182656 bytes executable
File C:\WINDOWS\system32\drivers\symndis.sys (size mismatch) 47192/182656 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 212224/182656 bytes executable
File C:\WINDOWS\system32\UACeoegrerlydaaiva.dll 19968 bytes executable
File C:\WINDOWS\system32\UACgqpxxfmyhxudauw.log 4877 bytes
File C:\WINDOWS\system32\UACimrdbbgomqfulhy.dll 24064 bytes executable
File C:\WINDOWS\system32\uacinit.dll 5749 bytes
File C:\WINDOWS\system32\UACnsiuaqpwhlnusel.dat 224 bytes
File C:\WINDOWS\system32\UAConotskuobtdfmpq.dll 66560 bytes
File C:\WINDOWS\system32\UACoqqvpxuiqjkcdot.dll 17408 bytes executable
File C:\WINDOWS\system32\UACtgskwkadqlrklkc.dll 19968 bytes executable

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (NDIS Filter Driver/Symantec Corporation) [MANUAL] SYMNDIS <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------
Please disable your antivirus before attempting to run Combofix, and do install the recovery console if asked.

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

  • 0

#9
NAVYVET

NAVYVET

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Mozilla doesn't give me an option to change the name before I save it. Trying to download it in IE results in an instant lock up. It is a hard lock, so bad I have to turn off the laptop.

I tried downloading it on another laptop and saving it on his laptop across the network. That worked. I double click and I get hard drive activity for a few seconds and then a small error box pops up. There is no indication of what error it is as all that pops up is a small box with ERROR in the top of it, a bubble with a question mark in it and an ok button. Clicking on the ok button makes the box go away and causes the Combo-Fix.exe icon to go away or delete itself. I looked in the recycle bin and all that is there is a Combo-Fix prefetch file.
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No, it will not run because you have a Virut infection.
See details below:

:) VIRUT :)

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
https://forums2.syma...age/ba-p/388834
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.c...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)

What this means is we cannot proceed with any sort of fix as your legitimate files have already been corrupted and this action is, unfortunately, irreversible. I apologize but there is nothing else I can do or advise to completely clear your machine. You must reformat your PC to rid yourself of this deadly virus.
  • 0
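The layout quoted in the post above (code appended to the last PE section, with the decryptor sometimes placed there too) can be checked from the section table alone. The following triage sketch is an added example, not part of the thread or of any tool mentioned in it; the function names and the constructed sample headers are assumptions, and the two checks are generic heuristics that also match some packed files and cannot see the slack-space or overwritten-entry-point variants.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def parse_sections(data):
    """Return (entry_point_rva, sections) parsed from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics
    _m, nsects, _ts, _sp, _ns, opt_size, _ch = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    (entry_rva,) = struct.unpack_from("<I", data, opt_off + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(nsects):
        off = opt_off + opt_size + 40 * i                  # 40-byte section headers
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr,
                         "rsize": rsize, "rptr": rptr, "flags": flags})
    return entry_rva, sections

def appended_code_findings(data):
    """Heuristic indicators of code appended to the last section."""
    entry_rva, sections = parse_sections(data)
    if not sections:
        return []
    last = max(sections, key=lambda s: s["vaddr"])
    span = max(last["vsize"], last["rsize"])
    findings = []
    # Decryptor "immediately before the encrypted code at the end of the last section"
    if len(sections) > 1 and last["vaddr"] <= entry_rva < last["vaddr"] + span:
        findings.append("entry point inside last section '%s'" % last["name"])
    # Code that decrypts itself in place needs a section that is both W and X
    if last["flags"] & IMAGE_SCN_MEM_EXECUTE and last["flags"] & IMAGE_SCN_MEM_WRITE:
        findings.append("last section '%s' is writable and executable" % last["name"])
    return findings

def build_sample(entry_rva, sections):
    """Constructed input: PE32 headers only, enough for parse_sections()."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    opt = bytearray(224)                                   # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, vsize, 0x400, 0, 0, 0, 0, flags)
        for name, vsize, vaddr, flags in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table

# Constructed samples: an ordinary layout and one with the appended-code shape.
CLEAN = build_sample(0x1000, [(b".text", 0x2000, 0x1000, 0x60000020),
                              (b".data", 0x1000, 0x3000, 0xC0000040),
                              (b".rsrc", 0x1000, 0x4000, 0x40000040)])
SUSPECT = build_sample(0x4800, [(b".text", 0x2000, 0x1000, 0x60000020),
                                (b".data", 0x1000, 0x3000, 0xC0000040),
                                (b".rsrc", 0x3000, 0x4000, 0xE0000060)])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, appended_code_findings(blob))
```

A hit is a reason to compare the file against a known-good copy from installation media, not a verdict on its own.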





