
Topic: generic host win32 svhosts runtime16 errors cant read memory items


fistandantilus

    Topic Starter


    Greenhorn

    General mayhem. The computer is XP. Here are the logs. Thank you in advance for any help; you people are awesome for helping dummies like myself.

    [recovering disk space - old attachment deleted by admin]

    fistandantilus

      Topic Starter


      Greenhorn

      Re: generic host win32 svhosts runtime16 errors cant read memory items
      « Reply #1 on: June 26, 2010, 06:11:01 PM »
      Also, sorry, I hope I didn't bump, seeing as it was just a second ago I posted. For like three days, when I started up the computer it would just display the background; I would have to manually start explorer through the process menu accessed by pressing Ctrl+Alt+Delete.
      Sorry, did not mean to bump.

      fistandantilus

        Topic Starter


        Greenhorn

        Re: generic host win32 svhosts runtime16 errors cant read memory items
        « Reply #2 on: June 27, 2010, 11:17:23 AM »
        Hey, I tried to upload the logs; apparently it didn't work, so I will paste and copy. Sorry, guys.

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 06/26/2010 at 01:31 PM

        Application Version : 4.39.1002

        Core Rules Database Version : 5122
        Trace Rules Database Version: 2934

        Scan type       : Complete Scan
        Total Scan Time : 01:52:04

        Memory items scanned      : 528
        Memory threats detected   : 4
        Registry items scanned    : 8848
        Registry threats detected : 1669
        File items scanned        : 62503
        File threats detected     : 22

        Adware.Vundo/Variant-Bx
           C:\WINDOWS\SYSTEM32\EYAQCLT.DLL
           C:\WINDOWS\SYSTEM32\EYAQCLT.DLL
           HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{555CCDAB-AB87-4324-8070-0A467F0D072B}
           HKCR\CLSID\{555CCDAB-AB87-4324-8070-0A467F0D072B}
           HKCR\CLSID\{555CCDAB-AB87-4324-8070-0A467F0D072B}
           HKCR\CLSID\{555CCDAB-AB87-4324-8070-0A467F0D072B}#Version
           HKCR\CLSID\{555CCDAB-AB87-4324-8070-0A467F0D072B}#Flags
           HKCR\CLSID\{555CCDAB-AB87-4324-8070-0A467F0D072B}\InprocServer32
           HKCR\CLSID\{555CCDAB-AB87-4324-8070-0A467F0D072B}\InprocServer32#ThreadingModel
           HKCR\CLSID\{555CCDAB-AB87-4324-8070-0A467F0D072B}\ProgID
           HKCR\Kbwqgvhp
           HKCR\Kbwqgvhp#TimeStamp
           HKCR\Kbwqgvhp\CLSID
           HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{555CCDAB-AB87-4324-8070-0A467F0D072B}
           HKU\S-1-5-21-823518204-1644491937-682003330-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{555CCDAB-AB87-4324-8070-0A467F0D072B}
           HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{555CCDAB-AB87-4324-8070-0A467F0D072B}
           HKLM\System\ControlSet001\Services\bxsucnpz
           HKLM\System\ControlSet001\Enum\Root\LEGACY_bxsucnpz
           HKLM\System\ControlSet003\Services\bxsucnpz
           HKLM\System\ControlSet003\Enum\Root\LEGACY_bxsucnpz
           HKLM\System\CurrentControlSet\Services\bxsucnpz
           HKLM\System\CurrentControlSet\Enum\Root\LEGACY_bxsucnpz

        Trojan.Agent/Gen-FakeAlert[Pamela]
           C:\WINDOWS\SYSTEM32\BNKUHILU.DLL
           C:\WINDOWS\SYSTEM32\BNKUHILU.DLL
           HKLM\System\ControlSet001\Services\lanmanserver
           HKLM\System\ControlSet001\Enum\Root\LEGACY_lanmanserver
           HKLM\System\ControlSet003\Services\lanmanserver
           HKLM\System\ControlSet003\Enum\Root\LEGACY_lanmanserver
           HKLM\System\CurrentControlSet\Services\lanmanserver
           HKLM\System\CurrentControlSet\Enum\Root\LEGACY_lanmanserver

        Trojan.Agent/Gen-Falcomp
           C:\WINDOWS\TEMP\AFTGGDKY.EXE
           C:\WINDOWS\TEMP\AFTGGDKY.EXE

        Trojan.Agent/Gen-Koobface
           C:\WINDOWS\TEMP\GGKTPFG.EXE
           C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26996] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [32148] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8640] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [32765] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11036] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31192] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11619] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12089] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4351] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11968] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12569] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10304] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8695] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3227] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12296] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20536] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30369] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28050] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6130] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13207] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8334] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16443] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14260] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8383] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22102] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21453] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [73] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10893] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [32470] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1263] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [504] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7052] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16476] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20994] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30281] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3570] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22020] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4235] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14779] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31286] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3510] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3434] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13349] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28214] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2544] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30199] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20891] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22266] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9655] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16012] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1639] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23247] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23253] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6588] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29070] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7532] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10359] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28405] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16121] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7259] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14549] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29796] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27258] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1475] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24115] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6381] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25442] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21780] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26817] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10016] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28967] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5704] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28754] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31608] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25976] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14725] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21082] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22293] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31122] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6245] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6354] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15723] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16972] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22724] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3843] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19695] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17976] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24580] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2981] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4520] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18462] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [32759] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14910] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2905] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29294] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14081] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2125] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16367] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13693] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14163] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19941] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27558] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14643] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25894] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24285] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [395] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27886] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30828] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9071] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1524] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28578] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29659] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5000] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16334] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [32055] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29708] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24176] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23526] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [32218] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1776] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22588] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21829] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9126] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18550] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9551] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5644] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24404] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14855] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31635] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15466] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16978] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28885] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29604] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21371] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13164] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14369] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8716] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23663] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24656] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24334] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4548] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25272] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25964] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14172] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17922] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19406] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18729] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [531] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15238] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22752] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21659] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5322] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18331] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14609] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25867] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27707] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13999] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23854] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15374] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31341] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17524] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7778] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17011] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29993] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7554] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24944] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3069] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31335] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7499] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18969] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2714] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5076] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12247] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4891] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21926] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16230] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22506] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20596] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19947] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20934] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9005] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15554] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10025] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1961] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17627] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3527] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4144] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5049] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15183] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28988] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2577] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21823] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2720] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27749] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25147] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16732] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19118] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12694] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1257] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19385] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11145] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17136] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28797] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3838] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18216] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26325] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7957] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23356] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23308] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15204] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11734] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16613] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13109] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15799] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13650] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30876] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7396] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13453] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12961] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3412] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8400] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20618] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15308] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14026] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5328] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2927] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28857] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30041] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31471] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13213] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12891] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25873] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16246] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6479] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31231] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23951] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10244] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20268] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9846] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11406] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23979] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20426] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31405] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5623] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29064] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29774] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1530] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7068] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28836] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15751] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1224] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [133] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14567] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18872] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16935] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15456] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26440] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [32579] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29376] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10413] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [619] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14321] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20105] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7991] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20257] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [880] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25688] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7128] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7794] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29644] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17654] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8024] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16765] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5601] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9387] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19734] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7123] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11810] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18168] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23897] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18310] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10571] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27221] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16525] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16880] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1940] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [553] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16847] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2207] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26735] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29589] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5671] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28426] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19428] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1038] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22664] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30069] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19646] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1885] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12951] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28699] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31389] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9988] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [225] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3734] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28551] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10511] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [32443] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19613] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1873] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25518] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28071] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29501] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10474] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28612] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19412] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12411] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19701] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8018] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17141] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23553] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18195] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11051] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10702] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2059] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9785] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9463] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7526] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14457] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14953] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12356] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31663] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8750] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31450] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18238] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4308] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22549] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22964] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3124] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19008] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4013] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14998] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25163] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3625] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25633] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13022] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22555] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20918] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18359] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19346] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5006] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13966] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15396] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [373] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29556] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28083] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31046] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16519] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22713] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [79] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27400] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [990] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27941] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10408] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28372] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13185] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13404] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [215] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11200] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30014] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10714] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24765] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27209] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2250] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30145] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6370] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26407] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2517] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2468] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17475] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28541] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11521] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14211] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [32279] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25578] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15815] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10037] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19324] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24890] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26101] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6069] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [32546] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18173] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25245] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21856] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5574] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26064] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24950] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2234] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8923] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31924] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7183] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5978] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23505] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22172] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20557] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11914] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11373] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6124] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22877] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31068] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3206] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22451] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26975] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5055] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6840] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26669] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27084] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7244] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22615] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31460] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30129] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29283] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16236] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26675] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25038] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3877] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26146] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31602] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12557] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19515] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17223] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6060] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4035] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20192] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3582] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26833] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17715] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [31520] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18768] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23040] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28933] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19248] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18517] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2398] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17305] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4007] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23587] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1803] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1366] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15368] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17812] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20748] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29741] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25065] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26004] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19898] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7942] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4815] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2681] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28563] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16989] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10189] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8777] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29365] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20694] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12460] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28945] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29960] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30184] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29261] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [10675] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20159] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8476] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17600] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27351] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7232] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30260] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30761] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21622] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16558] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21768] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21228] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29495] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2140] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1895] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24732] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28459] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1393] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16695] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15881] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30096] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22026] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19467] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17933] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1105] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1715] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12924] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28487] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29125] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11750] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29000] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19078] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5431] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29173] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21889] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24743] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20563] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22816] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3789] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25758] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29152] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7450] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4226] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20165] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1333] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25949] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29240] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27357] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3658] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12116] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24170] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14631] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [18140] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27810] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1072] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6397] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2763] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1208] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28001] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28961] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9448] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12226] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29692] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7074] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [28159] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11685] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19063] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20961] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23319] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21273] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5568] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21174] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9906] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11391] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24814] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13732] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [8428] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [4739] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [14676] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [16662] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13513] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20623] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23499] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20329] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24853] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20181] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15483] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27695] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [15025] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26009] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25524] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6807] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2851] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [11543] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [27701] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [24716] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25982] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1879] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [23869] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12350] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [13371] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20001] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [9469] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19488] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25572] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [12666] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3042] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [32525] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [20678] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6861] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26037] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [17333] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [5650] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21944] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [21513] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25081] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19194] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [7374] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [1114] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [29343] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [25715] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2098] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [6889] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [30412] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [3233] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [2283] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [26981] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [19106] C:\WINDOWS\TEMP\GGKTPFG.EXE
           [22888] C:\WINDOWS\TEMP\GGKTPFG.EXE

        fistandantilus

          Topic Starter


          Greenhorn

          Re: generic host win32 svhosts runtime16 errors cant read memory items
          « Reply #3 on: June 27, 2010, 11:24:39 AM »
          soooo sorry for bumping so much but every time I try to paste the hjt log it freezes so I'll try to upload it again, I hope this works

          Also something I forgot to mention: while trying to update java it says I can't remove the older version because it's being used by another cd drive

          [recovering disk space - old attachment deleted by admin]

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 991
          • Certifications: List
          • Experience: Expert
          • OS: Windows 8
          Re: generic host win32 svhosts runtime16 errors cant read memory items
          « Reply #4 on: June 28, 2010, 01:52:47 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          P2P - I see you have P2P software installed on your machine. (Ares) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

          Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

          I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

          =============================

          Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

          Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

          Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

          Exit out of MessengerDisable then delete the two files that were put on the desktop.

          =============================

          Copy and paste the text in the code box below into Notepad.

          @echo off
          del/f  c:\windows\system32\eyaqclt.dll
          del begone.bat
          exit

          Then click File > Save as
          Save to the Desktop as begone.bat
          And Save as type: All Files.

          Double-click on begone.bat to run it.

          ==============================

          Open HijackThis and select Do a system scan only

          Place a check mark next to the following entries: (if there)

          O2 - BHO: (no name) - {555CCDAB-AB87-4324-8070-0A467F0D072B} - c:\windows\system32\eyaqclt.dll
          O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe"  -osboot
          O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
          O4 - HKLM\..\Run: [4411] C:\WINDOWS\TEMP\ggktpfg.exe

          NOTE. There could be many lines with this same file. If there are, click each one of them.

          Important: Close all open windows except for HijackThis and then click Fix checked.

          Once completed, exit HijackThis.

          ==================================

          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          Rename ComboFix.exe to commy.exe before you save it to your Desktop
          Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
          Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


          Click on Yes, to continue scanning for malware.
          When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          If you have problems with ComboFix usage, see How to use ComboFix

          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender
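
Added example, not part of the post above and not HijackThis code: a small triage script that reads HijackThis `O4 - HKxx\..\Run` lines, flags autostart entries whose target sits in a temp directory, and groups them by file so the "many lines with this same file" collapse into one finding. The sample log is built from the four entries quoted in the post plus two constructed lines in the same format; the function names and the temp-directory heuristic are assumptions of this example.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import defaultdict

# Registry autostart line as HijackThis prints it:
#   O4 - HKLM\..\Run: [ValueName] command line
# Other O4 forms (Startup folder shortcuts, per-SID hives) are not handled here.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)

# Assumption of this example: any directory component named temp/tmp is "temp".
TEMP_DIR_NAMES = {"temp", "tmp"}

# Constructed sample: first four lines are the entries quoted in the post,
# the last two are constructed lines in the same format.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {555CCDAB-AB87-4324-8070-0A467F0D072B} - c:\windows\system32\eyaqclt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [4411] C:\WINDOWS\TEMP\ggktpfg.exe
O4 - HKLM\..\Run: [20733] C:\WINDOWS\TEMP\GGKTPFG.EXE
O4 - HKLM\..\Run: [7739] C:\WINDOWS\TEMP\GGKTPFG.EXE
'''


def executable_of(cmd):
    """Return the program path from a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote.
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted path may contain spaces: cut at the first executable extension.
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', cmd, re.I)
    if m:
        return m.group(1)
    parts = cmd.split()
    return parts[0] if parts else ""


def in_temp_dir(path):
    """True if any directory component of the path is named temp or tmp."""
    parts = ntpath.normcase(path).split("\\")
    return any(p in TEMP_DIR_NAMES for p in parts[:-1])


def temp_autoruns(log_text):
    """Map each temp-directory target to the Run values that launch it.

    Returns {lower-cased exe path: [(hive, key, value_name), ...]}.
    Paths are case-folded so GGKTPFG.EXE and ggktpfg.exe group together.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m["cmd"])
        if in_temp_dir(exe):
            hits[ntpath.normcase(exe)].append((m["hive"], m["key"], m["name"]))
    return dict(hits)


def report(log_text):
    """One summary line per flagged file, listing every value that starts it."""
    lines = []
    for exe, entries in sorted(temp_autoruns(log_text).items()):
        names = ", ".join(name for _, _, name in entries)
        lines.append(f"{exe}: {len(entries)} Run value(s): {names}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```
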

          fistandantilus

            Topic Starter


            Greenhorn

            Re: generic host win32 svhosts runtime16 errors cant read memory items
            « Reply #5 on: June 28, 2010, 09:39:26 PM »
            hey super dave first of all you are awesome second I can't seem to find any log for combo fix also whenever it restarts my computer online armor seems to block its start up what should I do thanks again you're the best they really should be paying you

            SuperDave

            Re: generic host win32 svhosts runtime16 errors cant read memory items
            « Reply #6 on: June 29, 2010, 11:13:00 AM »
            Please look in your C: drive for a folder called ComboFix and then search for a file named ComboFix.txt

            fistandantilus

              Topic Starter


              Greenhorn

              Re: generic host win32 svhosts runtime16 errors cant read memory items
              « Reply #7 on: June 29, 2010, 06:19:17 PM »
              thanks super dave here it is
              ComboFix 10-02-10.01 - Administrador 02/10/2010  12:16:01.2.1 - x86
              Microsoft Windows XP Professional  5.1.2600.2.1252.34.3082.18.767.493 [GMT -6:00]
              Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
              AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
              .

              (((((((((((((((((((((((((   Files Created from 2010-01-10 to 2010-02-10  )))))))))))))))))))))))))))))))
              .

              2010-02-09 20:45 . 2010-02-09 20:45   5115824   ----a-w-   c:\documents and settings\All Users\Datos de programa\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
              2010-02-09 19:24 . 2010-02-09 19:24   52224   ----a-w-   c:\documents and settings\Administrador\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
              2010-02-02 21:47 . 2010-02-02 21:47   --------   d-----w-   c:\archivos de programa\Archivos comunes\Java
              2010-02-02 21:47 . 2010-02-02 21:47   503808   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77d6ff33-n\msvcp71.dll
              2010-02-02 21:47 . 2010-02-02 21:47   499712   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77d6ff33-n\jmc.dll
              2010-02-02 21:47 . 2010-02-02 21:47   348160   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77d6ff33-n\msvcr71.dll
              2010-02-02 21:47 . 2010-02-02 21:47   61440   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42e234a6-n\decora-sse.dll
              2010-02-02 21:47 . 2010-02-02 21:47   12800   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42e234a6-n\decora-d3d.dll
              2010-02-02 21:10 . 2010-02-02 21:11   --------   d-----w-   c:\archivos de programa\Free Window Registry Repair
              2010-02-02 20:24 . 2010-02-02 20:29   --------   d-----w-   c:\archivos de programa\Windows Live Safety Center
              2010-02-01 19:36 . 2010-02-01 19:36   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\Alwil Software
              2010-02-01 19:22 . 2010-02-01 19:22   --------   d-----w-   c:\archivos de programa\Trend Micro
              2010-02-01 16:35 . 2010-02-01 16:35   152576   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\jre1.6.0_17\lzma.dll
              2010-01-22 03:03 . 2010-01-22 03:03   --------   d-----w-   c:\documents and settings\NetworkService\Datos de programa\Yahoo!
              2010-01-20 02:27 . 2010-01-20 02:27   --------   d-----w-   c:\documents and settings\Administrador\Datos de programa\Apple Computer
              2010-01-20 02:24 . 2010-01-20 02:25   --------   d-----w-   c:\archivos de programa\QuickTime
              2010-01-20 02:24 . 2010-01-20 02:24   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\Apple Computer
              2010-01-20 02:23 . 2010-01-20 02:23   --------   d-----w-   c:\archivos de programa\Archivos comunes\Apple
              2010-01-20 02:22 . 2010-01-20 02:22   --------   d-----w-   c:\archivos de programa\Apple Software Update
              2010-01-20 02:22 . 2010-01-20 02:22   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\Apple
              2010-01-19 04:13 . 2010-02-10 02:24   --------   d-----w-   c:\documents and settings\Administrador\Datos de programa\LimeWire
              2010-01-19 04:13 . 2010-01-19 04:13   --------   d-----w-   c:\archivos de programa\LimeWire

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2010-02-10 02:21 . 2008-10-29 06:47   1744   ----a-w-   c:\windows\system32\d3d9caps.dat
              2010-02-09 20:45 . 2009-10-23 01:43   --------   d-----w-   c:\archivos de programa\Malwarebytes' Anti-Malware
              2010-02-09 20:44 . 2001-08-24 11:00   90662   ----a-w-   c:\windows\system32\perfc00A.dat
              2010-02-09 20:44 . 2001-08-24 11:00   486594   ----a-w-   c:\windows\system32\perfh00A.dat
              2010-02-09 19:24 . 2009-10-22 18:53   117760   ----a-w-   c:\documents and settings\Administrador\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
              2010-02-02 21:47 . 2008-10-29 06:45   --------   d-----w-   c:\archivos de programa\Java
              2010-02-02 20:17 . 2007-11-16 11:48   --------   d-----w-   c:\archivos de programa\Alwil Software
              2010-02-02 16:28 . 2010-02-02 16:28   0   ----a-w-   c:\windows\system32\BA.tmp
              2010-02-02 16:28 . 2010-02-02 16:28   0   ----a-w-   c:\windows\system32\B9.tmp
              2010-02-01 19:40 . 2008-10-29 06:46   --------   d-----w-   c:\archivos de programa\Google
              2010-02-01 19:04 . 2009-09-30 03:02   --------   d-----w-   c:\archivos de programa\Winamp
              2010-02-01 16:35 . 2009-11-10 14:43   79488   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\jre1.6.0_17\gtapi.dll
              2010-01-31 22:34 . 2009-10-22 18:52   --------   d-----w-   c:\archivos de programa\SUPERAntiSpyware
              2010-01-29 14:05 . 2010-01-29 14:05   0   ----a-w-   c:\windows\system32\1E.tmp
              2010-01-29 14:05 . 2010-01-29 14:05   0   ----a-w-   c:\windows\system32\1D.tmp
              2010-01-28 22:09 . 2009-10-23 05:43   152672   ----a-w-   c:\windows\system32\aswBoot.exe
              2010-01-28 21:57 . 2009-10-23 05:44   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
              2010-01-28 21:57 . 2009-10-23 05:44   163280   ----a-w-   c:\windows\system32\drivers\aswSP.sys
              2010-01-28 21:54 . 2009-10-23 05:44   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
              2010-01-28 21:54 . 2009-10-23 05:44   100432   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
              2010-01-28 21:54 . 2009-10-23 05:44   94800   ----a-w-   c:\windows\system32\drivers\aswmon.sys
              2010-01-28 21:54 . 2009-10-23 05:44   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
              2010-01-28 21:53 . 2009-10-23 05:44   28240   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
              2010-01-19 11:57 . 2009-10-23 05:44   38848   ----a-w-   c:\windows\system32\avastSS.scr
              2010-01-07 22:07 . 2009-10-23 01:44   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2010-01-07 22:07 . 2009-10-23 01:43   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2009-12-17 23:14 . 2008-10-29 06:46   411368   ----a-w-   c:\windows\system32\deploytk.dll
              2009-12-01 03:25 . 2009-12-01 03:25   0   ----a-w-   c:\windows\nsreg.dat
              2008-10-14 15:13 . 2008-10-14 15:13   2578   --sh--r-   c:\archivos de programa\Archivos comunes\081014171349.html
              2008-10-13 22:21 . 2008-10-13 22:21   40366   --sh--r-   c:\archivos de programa\Archivos comunes\081014002159.html
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
              2007-10-28 21:45   1502232   ----a-w-   c:\archivos de programa\Spesoft\tbSpes.dll

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
              "{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}"= "c:\archivos de programa\Spesoft\tbSpes.dll" [2007-10-28 1502232]

              [HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
              "Messenger (Yahoo!)"="c:\archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CanonSolutionMenu"="c:\archivos de programa\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
              "CanonMyPrinter"="c:\archivos de programa\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
              "QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" [2009-11-11 417792]
              "SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-01-11 246504]
              "avast5"="c:\archiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

              c:\documents and settings\Administrador\Men£ Inicio\Programas\Inicio\
              LimeWire On Startup.lnk - c:\archivos de programa\LimeWire\LimeWire.exe [2009-12-16 503808]

              c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
              Service Manager.lnk - c:\archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2009-09-03 20:21   548352   ----a-w-   c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menś Inicio^Programas^Inicio^Inicio rįpido de Adobe Reader.lnk]
              backup=c:\windows\pss\Inicio rįpido de Adobe Reader.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
              2006-12-06 04:55   54832   ----a-w-   c:\archivos de programa\CyberLink\PowerDVD\Language\Language.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
              2009-07-26 21:44   3883856   ----a-w-   c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
              2006-11-23 21:10   56928   ------w-   c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
              "AntiVirusOverride"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Archivos de programa\\LimeWire\\LimeWire.exe"=
              "c:\\Documents and Settings\\All Users\\Datos de programa\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\spanish\\setup.exe"=
              "c:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
              "c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
              "c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
              "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=

              R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/22/2009 11:44 PM 163280]
              R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 8:24 PM 9968]
              R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 8:24 PM 74480]
              R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/22/2009 11:44 PM 19024]
              S2 gupdate;Google Update Service (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [2/1/2010 1:37 PM 133104]
              S3 SASENUM;SASENUM;c:\archivos de programa\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 8:24 PM 7408]
              .
              Contents of the 'Scheduled Tasks' folder

              2010-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

              2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-01 19:37]

              2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-01 19:37]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.yahoo.com/
              mStart Page = hxxp://www.yahoo.com/?fr=fp-yma2
              uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
              IE: &Search
              .

              **************************************************************************

              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2010-02-10 12:21
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_USERS\S-1-5-21-823518204-1644491937-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{70352449-10B9-4B1A-6E17-25888A073CF1}*]
              "hajknalopikdjppk"=hex:69,61,65,68,6b,6b,61,6a,6d,6c,68,62,64,63,6d,6d,67,6f,
                 00,00
              "iadllcfbepggbpknda"=hex:6a,61,65,68,6e,6b,6a,69,70,6d,6a,66,69,61,66,63,6d,61,
                 64,6e,00,6a

              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|’’’’"•€|ž»Ńw*]
              "A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
              @DACL=(02 0000)
              "Installed"="1"

              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
              @DACL=(02 0000)
              "Installed"="1"
              "NoChange"="1"

              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
              @DACL=(02 0000)
              "Installed"="1"
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(640)
              c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll

              - - - - - - - > 'explorer.exe'(3224)
              c:\windows\system32\msi.dll
              c:\windows\system32\WPDShServiceObj.dll
              c:\windows\system32\PortableDeviceTypes.dll
              c:\windows\system32\PortableDeviceApi.dll
              .
              Completion time: 2010-02-10  12:24:39
              ComboFix-quarantined-files.txt  2010-02-10 18:24
              ComboFix2.txt  2010-02-10 02:26

              Pre-Run: 19,202,822,144 bytes libres
              Post-Run: 19,176,247,296 bytes libres

              - - End Of File - - 834A5C96305DEFCEB71DAB4B78E880F4

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 991
              • Certifications: List
              • Experience: Expert
              • OS: Windows 8
              Re: generic host win32 svhosts runtime16 errors cant read memory items
              « Reply #8 on: June 30, 2010, 01:01:40 PM »
              Re-running ComboFix to remove infections:

              • Close any open browsers.
              • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
              • Open notepad and copy/paste the text in the quotebox below into it:
                Quote
                KillAll::

                File::
                c:\windows\system32\BA.tmp
                c:\windows\system32\B9.tmp
                c:\windows\system32\1E.tmp
                c:\windows\system32\1D.tmp

              • Save this as CFScript.txt, in the same location as ComboFix.exe



              • Referring to the picture above, drag CFScript into ComboFix.exe
              • When finished, it shall produce a log for you at C:\ComboFix.txt
              • Please post the contents of the log in your next reply.

              ============================

              P2P - I see you have P2P software installed on your machine. (LimeWire) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

              Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

              I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

              =====================================

              Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

              There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

              For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

              Further reading: XP Fixes Myth #1: Registry Cleaners

              If you agree, please uninstall Free Window Registry Repair

              ================================

              Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

              fistandantilus


                Re: generic host win32 svhosts runtime16 errors cant read memory items
                « Reply #9 on: July 01, 2010, 01:18:21 PM »
                ComboFix 10-06-27.06 - Administrador 07/01/2010  13:55:31.5.1 - x86
                Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.767.495 [GMT -5:00]
                Running from: c:\documents and settings\Administrador\Escritorio\commy.exe
                Command switches used :: c:\documents and settings\Administrador\Escritorio\CFScript.txt
                AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
                FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

                FILE ::
                "c:\windows\system32\1D.tmp"
                "c:\windows\system32\1E.tmp"
                "c:\windows\system32\B9.tmp"
                "c:\windows\system32\BA.tmp"
                .

                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                .
                (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                -------\Legacy_GWUQDCNK
                -------\Service_bxsucnpz
                -------\Service_gwuqdcnk
                -------\Legacy_GWUQDCNK
                -------\Service_gwuqdcnk


                (((((((((((((((((((((((((   Files Created from 2010-06-01 to 2010-07-01  )))))))))))))))))))))))))))))))
                .

                2010-06-29 02:42 . 2010-05-06 10:33   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
                2010-06-29 02:36 . 2010-06-29 08:03   --------   d--h--w-   c:\windows\$hf_mig$
                2010-06-26 23:04 . 2010-06-26 23:04   --------   d-----w-   c:\archivos de programa\Archivos comunes\Java
                2010-06-26 20:17 . 2010-04-29 20:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                2010-06-26 20:17 . 2010-06-26 20:17   --------   d-----w-   c:\archivos de programa\Malwarebytes' Anti-Malware
                2010-06-26 20:17 . 2010-04-29 20:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2010-06-26 16:22 . 2010-06-26 16:22   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
                2010-06-26 16:20 . 2010-06-26 16:20   --------   d-sh--w-   c:\documents and settings\LocalService\PrivacIE
                2010-06-26 16:19 . 2010-06-26 16:19   --------   d-----w-   c:\windows\system32\config\systemprofile\Datos de programa\Yahoo!
                2010-06-26 16:19 . 2010-06-26 16:19   --------   d-----r-   c:\documents and settings\LocalService\Favoritos
                2010-06-26 15:49 . 2007-05-16 21:45   3497832   ----a-w-   c:\windows\system32\d3dx9_34.dll
                2010-06-26 15:48 . 2010-06-26 15:48   --------   d-----w-   c:\windows\Logs
                2010-06-26 14:55 . 2010-06-26 14:55   --------   d-----w-   C:\Heroes of Might and Magic V - Collectors Edition
                2010-06-26 03:48 . 2010-06-26 08:58   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\OnlineArmor
                2010-06-26 03:48 . 2010-06-26 03:49   --------   d-----w-   c:\documents and settings\Administrador\Datos de programa\OnlineArmor
                2010-06-26 03:47 . 2010-04-20 09:13   24440   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                2010-06-26 03:47 . 2010-04-20 09:13   29560   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                2010-06-26 03:47 . 2010-04-20 09:13   228216   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                2010-06-26 03:47 . 2010-06-26 03:47   --------   d-----w-   c:\archivos de programa\Tall Emu
                2010-06-25 14:00 . 2010-06-25 14:00   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\Blizzard
                2010-06-25 04:18 . 2010-07-01 08:02   --------   d-sh--w-   c:\windows\Installer
                2010-06-25 02:03 . 2010-06-25 02:03   --------   d-----w-   c:\documents and settings\LocalService\Datos de programa\Yahoo!
                2010-06-24 18:03 . 2010-06-24 18:03   --------   d-----w-   c:\archivos de programa\SpaceMonger
                2010-06-24 18:03 . 2010-06-24 18:03   --------   d-----w-   c:\documents and settings\Administrador\Datos de programa\SpaceMonger
                2010-06-21 00:24 . 2010-06-21 00:24   --------   d-----w-   c:\archivos de programa\GameSpy Arcade
                2010-06-21 00:22 . 2010-06-21 00:22   --------   d-----w-   c:\archivos de programa\directx
                2010-06-19 16:33 . 2010-06-19 16:33   --------   d-----w-   c:\archivos de programa\Archivos comunes\xing shared
                2010-06-14 23:30 . 2010-06-14 23:30   --------   d--h--r-   c:\documents and settings\NetworkService\Reciente
                2010-06-13 15:10 . 2010-06-13 15:10   --------   d-----w-   c:\archivos de programa\Black Isle
                2010-06-13 14:41 . 1996-09-30 07:32   9728   ----a-w-   c:\windows\system\rnaph.dll
                2010-06-13 14:41 . 1996-08-16 08:44   87552   ----a-w-   c:\windows\system\url.dll
                2010-06-13 02:30 . 2010-06-13 02:30   --------   d-----w-   c:\documents and settings\Administrador\WINDOWS
                2010-06-13 00:11 . 2010-06-13 00:11   691696   ----a-w-   c:\windows\system32\drivers\sptd.sys
                2010-06-13 00:10 . 2010-06-13 00:26   --------   d-----w-   c:\documents and settings\Administrador\Datos de programa\DAEMON Tools Lite
                2010-06-13 00:10 . 2010-06-13 00:10   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\DAEMON Tools Lite
                2010-06-12 17:04 . 2010-06-12 17:09   --------   d-----w-   c:\documents and settings\NetworkService\Datos de programa\Azureus
                2010-06-12 17:02 . 2010-06-12 17:02   --------   d-----w-   c:\documents and settings\All Users\Datos de programa\Azureus
                2010-06-12 17:02 . 2010-07-01 18:51   --------   d-----w-   c:\documents and settings\Administrador\Datos de programa\Azureus
                2010-06-12 17:01 . 2010-06-13 00:27   --------   d-----w-   c:\archivos de programa\Azureus
                2010-06-12 00:13 . 2010-06-12 00:13   --------   d-----r-   c:\documents and settings\NetworkService\Favoritos
                2010-06-05 21:21 . 2010-06-05 21:21   --------   d-----w-   c:\windows\wb
                2010-06-04 03:11 . 2010-06-19 16:33   --------   d-----w-   c:\archivos de programa\Real
                2010-06-04 03:11 . 2010-06-19 16:35   --------   d-----w-   c:\archivos de programa\Archivos comunes\Real

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2010-07-01 04:40 . 2008-10-29 06:47   1744   ----a-w-   c:\windows\system32\d3d9caps.dat
                2010-06-26 16:37 . 2010-06-26 16:37   63488   ----a-w-   c:\documents and settings\Administrador\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
                2010-06-26 16:37 . 2009-10-22 18:53   117760   ----a-w-   c:\documents and settings\Administrador\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                2010-06-26 04:44 . 2009-02-02 12:11   --------   d--h--w-   c:\archivos de programa\InstallShield Installation Information
                2010-06-26 03:48 . 2001-08-24 11:00   95468   ----a-w-   c:\windows\system32\perfc00A.dat
                2010-06-26 03:48 . 2001-08-24 11:00   515776   ----a-w-   c:\windows\system32\perfh00A.dat
                2010-06-25 14:49 . 2009-09-04 23:07   --------   d-----w-   c:\archivos de programa\DOSBox-0.72
                2010-06-24 17:22 . 2009-06-04 21:43   --------   d-----w-   c:\archivos de programa\Sony
                2010-06-24 17:20 . 2009-06-04 21:45   --------   d-----w-   c:\documents and settings\Administrador\Datos de programa\Sony
                2010-06-24 17:20 . 2009-06-04 21:46   --------   d-----w-   c:\archivos de programa\VSTplugins
                2010-06-24 17:17 . 2009-10-08 03:33   --------   d-----w-   c:\archivos de programa\Archivos comunes\AVSMedia
                2010-06-24 17:17 . 2009-10-08 03:33   --------   d-----w-   c:\archivos de programa\AVS4YOU
                2010-06-23 20:53 . 2009-10-22 18:52   --------   d-----w-   c:\archivos de programa\SUPERAntiSpyware
                2010-06-19 16:35 . 2010-06-19 16:35   45056   ----a-w-   c:\documents and settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
                2010-06-19 16:35 . 2010-06-19 16:35   45056   ----a-w-   c:\documents and settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
                2010-06-19 16:35 . 2010-06-19 16:35   45056   ----a-w-   c:\documents and settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
                2010-06-19 16:35 . 2010-06-19 16:35   45056   ----a-w-   c:\documents and settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
                2010-06-19 16:35 . 2010-06-19 16:35   49152   ----a-w-   c:\documents and settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
                2010-06-19 16:35 . 2010-06-19 16:35   308808   ----a-w-   c:\documents and settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
                2010-06-19 16:35 . 2010-06-19 16:35   14848   ----a-w-   c:\documents and settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
                2010-06-19 16:35 . 2010-06-19 16:35   40960   ----a-w-   c:\documents and settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
                2010-06-19 16:35 . 2010-06-19 16:35   341600   ----a-w-   c:\documents and settings\All Users\Datos de programa\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
                2010-06-19 16:32 . 2007-11-16 11:48   499712   ----a-w-   c:\windows\system32\msvcp71.dll
                2010-06-19 16:07 . 2009-02-02 11:51   --------   d-----w-   c:\archivos de programa\Windows Media Connect 2
                2010-06-10 15:15 . 2008-10-29 06:46   --------   d-----w-   c:\archivos de programa\Google
                2010-06-10 15:15 . 2010-02-02 21:10   --------   d-----w-   c:\archivos de programa\Free Window Registry Repair
                2010-06-06 00:46 . 2009-06-04 21:46   --------   d-----w-   c:\documents and settings\Administrador\Datos de programa\Publish Providers
                2010-05-28 15:07 . 2010-05-28 15:07   503808   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39d165e1-n\msvcp71.dll
                2010-05-28 15:07 . 2010-05-28 15:07   499712   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39d165e1-n\jmc.dll
                2010-05-28 15:07 . 2010-05-28 15:07   348160   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-39d165e1-n\msvcr71.dll
                2010-05-28 15:07 . 2010-05-28 15:07   61440   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4512c229-n\decora-sse.dll
                2010-05-28 15:07 . 2010-05-28 15:07   12800   ----a-w-   c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4512c229-n\decora-d3d.dll
                2010-05-06 20:59 . 2009-10-23 05:43   165032   ----a-w-   c:\windows\system32\aswBoot.exe
                2010-05-06 20:39 . 2009-10-23 05:44   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                2010-05-06 20:39 . 2009-10-23 05:44   164048   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                2010-05-06 20:34 . 2009-10-23 05:44   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                2010-05-06 20:33 . 2009-10-23 05:44   100432   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
                2010-05-06 20:33 . 2009-10-23 05:44   94800   ----a-w-   c:\windows\system32\drivers\aswmon.sys
                2010-05-06 20:33 . 2009-10-23 05:44   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                2010-05-06 20:33 . 2009-10-23 05:44   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
                2010-05-06 10:33 . 2004-08-19 13:42   916480   ----a-w-   c:\windows\system32\wininet.dll
                2010-05-02 08:07 . 2004-08-19 13:30   1851392   ----a-w-   c:\windows\system32\win32k.sys
                2010-04-21 16:53 . 2007-11-16 10:52   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
                2010-04-20 05:31 . 2004-08-19 13:38   285696   ----a-w-   c:\windows\system32\atmfd.dll
                2010-04-14 16:47 . 2009-10-23 05:44   38848   ----a-w-   c:\windows\system32\avastSS.scr
                2008-10-14 15:13 . 2008-10-14 15:13   2578   --sh--r-   c:\archivos de programa\Archivos comunes\081014171349.html
                2008-10-13 22:21 . 2008-10-13 22:21   40366   --sh--r-   c:\archivos de programa\Archivos comunes\081014002159.html
                .

                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
                2007-10-28 21:45   1502232   ----a-w-   c:\archivos de programa\Spesoft\tbSpes.dll

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                "{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}"= "c:\archivos de programa\Spesoft\tbSpes.dll" [2007-10-28 1502232]

                [HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
                "Messenger (Yahoo!)"="c:\archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "avast5"="c:\archiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
                "@OnlineArmor GUI"="c:\archivos de programa\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]
                "SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-02-18 248040]
                "TkBellExe"="c:\archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2010-06-19 202256]
                "DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\archiv~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2009-09-03 20:21   548352   ----a-w-   c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                "midi6"=sfvmr.dll

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menś Inicio^Programas^Inicio^Inicio rįpido de Adobe Reader.lnk]
                backup=c:\windows\pss\Inicio rįpido de Adobe Reader.lnkCommon Startup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
                2006-12-06 04:55   54832   ----a-w-   c:\archivos de programa\CyberLink\PowerDVD\Language\Language.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
                2009-07-26 21:44   3883856   ----a-w-   c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                2006-11-23 21:10   56928   ------w-   c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                "AntiVirusOverride"=dword:00000001

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Documents and Settings\\All Users\\Datos de programa\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\spanish\\setup.exe"=
                "c:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
                "c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
                "c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\Archivos de programa\\Azureus\\Azureus.exe"=

                R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/23/2009 12:44 AM 164048]
                R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [6/25/2010 10:47 PM 228216]
                R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [6/25/2010 10:47 PM 24440]
                R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [6/25/2010 10:47 PM 29560]
                R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS [10/12/2009 9:24 PM 12872]
                R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 67656]
                R1 sfvmr;sfvmr;c:\windows\system32\drivers\sfvmr.sys [4/3/2010 3:32 PM 11584]
                R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/23/2009 12:44 AM 19024]
                R2 OAcat;Online Armor Helper Service;c:\archivos de programa\Tall Emu\Online Armor\oacat.exe [6/25/2010 10:47 PM 1284600]
                S0 hktmoqi;hktmoqi;

                S2 SvcOnlineArmor;Online Armor;c:\archivos de programa\Tall Emu\Online Armor\oasrv.exe [6/25/2010 10:47 PM 3364856]
                S3 SASENUM;SASENUM;c:\archivos de programa\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 12872]
                S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/12/2010 7:11 PM 691696]
                .
                Contents of the 'Scheduled Tasks' folder

                2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
                - c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

                2010-07-01 c:\windows\Tasks\OGALogon.job
                - c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]

                2010-07-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1644491937-682003330-500.job
                - c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

                2010-07-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1644491937-682003330-500.job
                - c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

                2010-07-01 c:\windows\Tasks\User_Feed_Synchronization-{BED322EF-4B97-4629-815C-532228394031}.job
                - c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]

                2010-07-01 c:\windows\Tasks\WGASetup.job
                - c:\windows\system32\KB905474\wgasetup.exe [2010-04-23 03:18]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://www.yahoo.com/
                uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
                .
                - - - - ORPHANS REMOVED - - - -

                HKCU-Run-ares - c:\archivos de programa\Ares\Ares.exe
                HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE



                **************************************************************************

                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2010-07-01 14:10
                Windows 5.1.2600 Service Pack 3 NTFS

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------

                [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
                @Denied: (2) (LocalSystem)
                "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,a0,c1,bd,7f,38,fa,47,ba,4a,fe,\
                "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,a0,c1,bd,7f,38,fa,47,ba,4a,fe,\

                [HKEY_USERS\S-1-5-21-823518204-1644491937-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
                @Denied: (2) (Administrator)
                "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,33,87,e1,95,c8,21,49,92,46,16,\
                "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,33,87,e1,95,c8,21,49,92,46,16,\
                "6256FFB019F8FDFBD36745B06F4540E9AEAF222 A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,33,87,e1,95,c8,21,49,92,46,16,\

                [HKEY_USERS\S-1-5-21-823518204-1644491937-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0C3C2942-48E3-F1A5-8404-1A9ECE8DAA33}*]
                "galmnjgagljkdg"=hex:61,63,6c,6c,6e,6f,65,6f,6f,6a,6a,70,69,62,64,6d,6a,6e,6a,
                   6e,6b,6e,68,6f,63,66,61,63,68,6b,69,6c,6f,69,6e,67,65,63,68,6d,69,6e,6b,64,\

                [HKEY_USERS\S-1-5-21-823518204-1644491937-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{70352449-10B9-4B1A-6E17-25888A073CF1}*]
                "hajknalopikdjppk"=hex:6a,61,65,68,6d,6b,63,69,68,65,61,63,6f,70,6c,65,6b,67,
                   66,67,00,6a
                "iadllcfbepggbpknda"=hex:6a,61,65,68,6e,6b,6a,69,70,6d,6a,66,69,61,66,63,6d,61,
                   64,6e,00,6a

                [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|’’’’"•€|ž»Ńw*]
                "A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

                [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
                @DACL=(02 0000)
                "Installed"="1"

                [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
                @DACL=(02 0000)
                "Installed"="1"
                "NoChange"="1"

                [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
                @DACL=(02 0000)
                "Installed"="1"
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(444)
                c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
                c:\windows\system32\WININET.dll

                - - - - - - - > 'explorer.exe'(284)
                c:\windows\system32\WININET.dll
                c:\windows\system32\webcheck.dll
                c:\windows\system32\WPDShServiceObj.dll
                c:\windows\system32\PortableDeviceTypes.dll
                c:\windows\system32\PortableDeviceApi.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\archivos de programa\Alwil Software\Avast5\AvastSvc.exe
                c:\archivos de programa\Java\jre6\bin\jqs.exe
                c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
                c:\archivos de programa\CyberLink\Shared Files\RichVideo.exe
                c:\archivos de programa\Yahoo!\SoftwareUpdate\YahooAUService.exe
                c:\windows\system32\wbem\wmiapsrv.exe
                .
                **************************************************************************
                .
                Completion time: 2010-07-01  14:17:08 - machine was rebooted
                ComboFix-quarantined-files.txt  2010-07-01 19:17
                ComboFix2.txt  2010-02-10 18:24

                Pre-Run: 13,864,103,936 bytes libres
                Post-Run: 13,883,006,976 bytes libres

                - - End Of File - - BD8E75F2A8773CF18FAE4FDD785856AC

                SuperDave

                Re: generic host win32 svhosts runtime16 errors cant read memory items
                « Reply #10 on: July 01, 2010, 05:23:38 PM »
                P2P - I see you have P2P software installed on your machine (Azureus). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

                ======================================

                How is your computer running now?

                I'd like us to scan your machine with ESET OnlineScan.

                • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                  ESET OnlineScan
                • Click the button.
                • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
                • Check
                • Click the button.
                • Accept any security warnings from your browser.
                • Check
                • Push the Start button.
                • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                • When the scan completes, push
                • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                • Push the button.
                • Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                fistandantilus


                  Re: generic host win32 svhosts runtime16 errors cant read memory items
                  « Reply #11 on: July 01, 2010, 11:25:07 PM »
                  It is running a lot better: no more win 32 errors or "can't read memory" items or anything.
                  Thanks a million, SuperDave. About the P2P programs: I had already removed Ares and LimeWire and put on Azureus. What was showing up that I could find was the instant access icons, so I removed them. The way I'm going to handle Azureus is that for anything I download, I'm going to have Avast running to try to catch anything harmful coming in, and after it's completed downloading I'm going to scan with Malwarebytes and Avast to make sure it's clean. Any other suggestions would be great. Here is the ESET log you requested; it found 2 trojans. Oh, and the thing about Azureus is that I am from Florida but I live in Mexico, so a lot of the watch-American-TV-online programs don't work here, and if I don't watch some Family Guy or Simpsons at the end of the day I am going to end up killing someone, but I promise you, like sex, I'll try to keep it as safe as possible.

                  [email protected] as CAB hook log:
                  OnlineScanner.ocx - registred OK
                  # version=7
                  # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
                  # OnlineScanner.ocx=1.0.0.6211
                  # api_version=3.0.2
                  # EOSSerial=f28f1fbd1ead97458e55ea44bfc42407
                  # end=finished
                  # remove_checked=true
                  # archives_checked=false
                  # unwanted_checked=true
                  # unsafe_checked=false
                  # antistealth_checked=true
                  # utc_time=2010-07-02 05:14:26
                  # local_time=2010-07-02 12:14:26 (-0600, Hora de verano de México)
                  # country="United States"
                  # lang=1033
                  # osver=5.1.2600 NT Service Pack 3
                  # compatibility_mode=512 16777215 100 0 12909755 12909755 0 0
                  # compatibility_mode=768 16777175 100 0 12820057 12820057 0 0
                  # compatibility_mode=6401 16777213 66 100 0 5366586 0 0
                  # compatibility_mode=8192 67108863 100 0 0 0 0 0
                  # scanned=49099
                  # found=2
                  # cleaned=2
                  # scan_time=2966
                  C:\Qoobox\32788R22FWJFW\dmio.sys   Win32/Olmarik.ZC trojan (cleaned - quarantined)   00000000000000000000000000000000   C
                  C:\System Volume Information\_restore{2EF8F654-C797-414C-AF3A-2A6E7470CA46}\RP8\A0003504.sys   Win32/Olmarik.ZC trojan (cleaned - quarantined)   00000000000000000000000000000000   C

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  Re: generic host win32 svhosts runtime16 errors cant read memory items
                  « Reply #12 on: July 02, 2010, 05:23:44 PM »
                  OK. That sounds good. Let's do some clean-up.

                  * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
                  * Now type commy /uninstall in the runbox
                  * Make sure there's a space between commy and /Uninstall
                  * Then hit Enter

                  The above procedure will:
                  * Delete the following:
                    * ComboFix and its associated files and folders.
                  * Reset the clock settings.
                  * Hide file extensions, if required.
                  * Hide System/Hidden files, if required.
                  * Set a new, clean Restore Point.

                  ============================

                  Download OTC by OldTimer and save it to your desktop.

                  1. Double-click OTC to run it.
                  2. Click the CleanUp! button.
                  3. Select Yes when the "Begin cleanup Process?" prompt appears.
                  4. If you are prompted to Reboot during the cleanup, select Yes
                  5. OTC should delete itself once it finishes; if not, delete it yourself.

                  =============================

                  Clean out your temporary internet files and temp files.

                  Download TFC by OldTimer to your desktop.

                  Double-click TFC.exe to run it.

                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                  * Click the Start button to begin the cleaning process.
                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                  * Please let TFC run uninterrupted until it is finished.

                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                  =================================

                  Use the Secunia Software Inspector to check for out of date software.

                  • Click Start Now
                  • Check the box next to Enable thorough system inspection.
                  • Click Start
                  • Allow the scan to finish and scroll down to see if any updates are needed.
                  • Update anything listed.
                  ----------

                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!
