Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected again, AV hijacked, popups, shutdowns.


  • Please log in to reply
19 replies to this topic

#1 ccyne

ccyne

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 12 August 2009 - 09:38 AM

Here we go again... my daughter let a virus in.This time trying to find new myspace layouts. I've told her 100 times not to but she just hasn't learned yet.

Anyway she opened the page and it proceded to hijack Mcaffe (Basically turned off all the protections), wiped out all the restore points and It will not let me run SAS or malwarebytes which I still have on my desktop from the last infection. It also hijscked google search functions.
It wiped out the history files so I couldn't see what site she was on ( not that it matters now) and changed some settings. There were random IE pages that kept trying to open. Finally the system locked and kept freezing when windows would restart. So I went to safe mode. I was able to scan with Mcaffe in safe mode and it found 4 items
NTOSKRNL-HOOK trojan, Classification: Genetic Rootkit and said it removed it
And three other trojans classified as a (generic.dx!byy) and two (generic downloader.x!mi)'s all said to be quarantined.

After restart things are working better but there is no record or log of the scan and removal in Mcaffe. All the protections are shown to be running normal but I didn't do anything to "fix" them. I can't get Super anti spyware to run ( get an error message) and Malware won't do anything at all. I'm certain the virus is still there, whats next?

OS Windows xp sp2, browser ie 7.0

Edited by ccyne, 12 August 2009 - 10:36 AM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:33 PM

Posted 12 August 2009 - 10:46 AM

Hello,let's look at the rootkits first.
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 ccyne

ccyne
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 12 August 2009 - 09:57 PM

I ran the program but it didn't seem to work like it said it would. I did have to stop the scan because I forgot to shut down AV ( really dont think it's on anyway)and another background program. Because of this the First log might be invalid, The logs entries like this Hidden: file C:\WINDOWS\system32\srvikmov\9DCF955A233688FF10CB72AB0CBEEDFBCA51F95D.vmp in the first log are a known file from the background program and I cleared them prior to starting the second scan to help speed it up. I ended up running it several times because I couldn't get the clean checked Items box to activate I thought the program might have hung up so there are multiple logs at the bottom. After a couple tries I did the reboot anyway and here is the log that I retrieved. As I said none of the items were recommended for removal so thay are all still present.




Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 8/12/2009 at 12:29:25 PM
User "C Coyne" on computer "CHRIS"
Windows version 5.1 SP 2.0 Service Pack 2 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\UAC
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETsqdruiro
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SKYNETsqdruiro
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\WINDOWS\system32\srvikmov\3E3F5D5C311B3F7A7802AF8A8A972E4C1107D158.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\00B0B04BB184EC2CD1AA5E32EBE28651CBE1D1C8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7FD1D62F5814E90D3FE587CCAB21A2FF224937BA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F91F2EFDBDA02F51A624A64F2058D51CBF030A78.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7F1302CB3CF22F34525E00853D3E86E6027C900C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3B63408193A77EA99B3053CACBF60621F8ECC2FA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9930A5A08A40A5B5E9534E6909ECBF7945EAE916.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AB3E83B75780227DB8478C4323265FF8EDDF61DF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7B4C75BFC61D9C0F622CE1D5359153CD9BB24467.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\539B0D28F9F8DA3ACC3C7B11FBAD18697FABCD85.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B3FF5D8C1D8100047EF4A2FC164F668A50384CB5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DC92ABA96D7C35551B53F8CB3DBDE88E9D851E08.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\07612AA25AAD0E9A45B3C84ACB8C8D29DA7850A1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\69C513F0FF2678D5C8FCC76B297777AFBA33F9FC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7C12EC2E50C025652BEBF087929B8BD19F1CEC78.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3E2744E32A6A59E4D348C2E315097FC9955E4087.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B028BEE91182D811F3D1353F2154A07D2F92163A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B10B0C837E164F61598155C980DB4B44F81D22A0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5157D3A7142BC3887F4E48EE2329808B0ED82C21.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\79EB20DC7AF6308790A8A62272C0A98C87CEF30F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4E53B4D517C60FD327163579FB025F8F03B8F28B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0CC745A49A759DA13AEC276DF5C406B23DAF5CA4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FA851243CB3DDFE60997A78D9C0682BD378B6B9E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4947C6E9B83F2F7480C4C1FAE70B26FDFE3707DD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\85CF94CA5EF3E7A25D98B1A61F828B63C5D60C26.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1A47B9129DE3970AD9A85618455CC5167419B422.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\65CD7B890C7B6053AF9F1305E9D4CB930A6CEB6E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\701266837A3E12E51A1F3C1985389B6D4DFB8D97.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CA72233D07C0CD663546C81B439F0EE743957F92.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BED133B2974E77C82C4A70351E6F05791DF212D0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E789C58C63F3BA5CCF0F0341C030F1C2BA7CF81D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\71CD58E4A03040128AE8681148AB34F1F75B441D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\005BC08BCD95407FE707E0DF2C3C74AD62122D6C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D36187B0311B78F87ED40638AE12ACEAF6EC8A60.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0A562C0D590DB84435A7D007B5563B312F32DD07.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5D6423262EC0FBC76DB671DE5E53B754039076B0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\82558BE9F81CBD7ECD9CF43F3FB659B814E85A5F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4C6E6779D93B80024077F9C405C08DA2E3868A0F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\23B434394D5FDA2953271E7267E2DF86741F3533.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2E9B782538E7EDFCC855386E40E7B9EA69A813B4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0CBA3DA9A698C1F38B8274FABD108672B3CE6CA8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BEC0B874EAE365D3F0B32499605547EF1A696690.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\507D03B864E7398676A4FD0F2C2A036EF76FF37B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A264491FFE9CB72F7356768C618FA0078D72E51F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2C95DBE47BDA2DFED1FE0A39C0D970F5D48CB79A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5D33F88770D7E24CDE87EF6E61ADD11CADF69CD7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C7C7B0C878FD3CF66D9A22604FF370C32329660D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9C837F5DA1403D5CE6FFA1B94230A8289B267EBD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BBFDF1DBD6164BBF950EB341FDFA94602ED728E1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\149026202FB31B6275FB9787F1AABCF6CA70DAA6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EBB449FF2DA04DB1399294675793D4C40C2F4B38.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E3317498426241F2B4E39C345ECCDABC50032466.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C348A4AC55D820DB903DB8114A5E684433CDCC8B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8F4B5B94A9D42F7B5C7BC0DCD11302B82187CA6B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4D3B43586B062249A80206B7155F336053EA270C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A47812A3A3D951CF7EC96CB40BBB9CDB72BA33CB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B8054485BCC2C75FA6A02B69398479D85CCF16D3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\273306D40CE7245A58AD4BDD1BAED23C2944CFD2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\41554647724316B830287BF220A5F0DDF4A25BA5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D31DA83AB04FE508C15B90B35B08B5A57C222232.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B4E15F7E623443DF3F4210ACA385660D24A73D97.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DE71DB09E06BB6CE41C8F10D9A3F77B625218215.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B80C71255217221153D0B404E436EF2AC363D5D7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FE7E8BBD66DBC84207A0614D1227A14252F61CBA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1D7E907F668270D5FDA1A5DE17EF8BBA72DDAA1B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A3320566CAAF6444C6DED3CAFD9BDAA617011DF9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B4F5CFA973B7DDA14750A273432CC05E652886FB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B0D988CA8F7FDFEA8923BE07026B22D8D66A52FE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5BF98FDE86765038F43E9EEE363A6E48480FFEDC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\12F188C54DA18A2C4CD1ADF60DBCC2BF2681DDC0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\13D48BAF5521B1F5742033E9EC0F812EDF05904C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3F2539BCDD841997113B4CDD0EFC033DDC48319E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5BB5E1C0B6DD3A46FF552E782DFE02D7E06841E0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9578AED6B8943914B038BC7E66B7E54773ED7D60.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5741BF908F1D5F83EA7CB3D7CDA7201FF45DFADD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8BA3990CC47805566E30FC1C4CE67231141195B5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\513CD4EA2A86FBC9D73288C5B8C7FD81A49699AB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C55065074EEB72F28F4B47B9A2F78E32FBE2A045.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D5D45C6B14E77CAEBC78F7F069B744B88F46822D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1BA44B0AD3C66D7D0E5405E70525020D3CE83905.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\284502D82AFD40534CB718A2D594DA58AD6CCFDD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\63C6937447B14A6158A65F3785614D37BCEA27BF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1F657CB5A7BDD3BEA2B31D334592389E355A5A54.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9074324C2851CF03F0D007B37A04F1FD623574EE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3599BFFAAA7C7FF6C953C4585216851F8B97F79A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0BC0E26A460662E80DD696428E5EF7B192EA3107.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4BE5902FD5831BCC1D1D792CA4FB12869EDBCABE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EC278F6C36274E16871B0918EFE7B2B232E3471E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9642921E3D52F51B515E39030C7B286227330069.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C36CF7D65527802264C31FE8AE655D1FA4161D25.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\424DC30D26B2C6EE193B0BF127E8485223DF6758.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\65F84D86451587F971FE77B04DB4E00A0E6F1C0F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\032F5203BA29DC0D6D9B108439CA1869223675C6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\066B0ACCF16F872B55D8BEB0B059D2CE8DBF028A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F3AF7242DC7A6BB19105B6BE8EFDD96C324E302C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\114789F08B276DC8C7695325214D0EB433D4B301.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F59FFF9B513C44ECEA0208C22AAA438BBD25060A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AC5CB559ED5075B1CCFE1D8C209624D9E3418F5B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BE4D921073CDA0EABED2EB0285C0BA74C2B64CF3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\75E4C1F529981FE9AA10E727873A7F15D0422AEC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\829A732E154C5DC301D93278279447930959F81A.vmp
Hidden: file C:\WINDOWS\system32\SKYNETjuanhgyr.dll
Hidden: file C:\WINDOWS\system32\srvikmov\02B17C395120EBDBB4C0AEF677CA85B8327B1752.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E534B355B4ABBE3D33B0BCD89B25FDAA4421D814.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D6299F793956405EB5C214ECEBA9E704AEAA2A79.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BA8A3157A4907EDE7D4B45F1F6C192BD4A500D29.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\651248F64F49059583FCAEB90822ECD314C5D325.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\023687C37EE8EBD388D5201A6B0A36663C114DFD.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\55TDNSGT\AAHnAQAAAAAAAIAAwAAAAAA.0N5DiMBAAAAAQAAADc0NzE2ZGE0LTg3MzctMTFkZS05N2M3LTAwMzA0ODYzMmM5YQBgxSoAAAA=odZHAA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250078311
Hidden: file C:\WINDOWS\system32\srvikmov\27D068DD92E2504890728E80157E61A3F5C46244.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\75180D5691749FF239DF89279468086270DA1340.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AC0075F0BB185399ABF7958CD3528785F6C22E29.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A65FB6EDB068CD7CBB75B98BECA61A7F62349F37.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CB3AA2711FCE9309DEC0BFA27585565563D9E670.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\23DA120559C40B65F36E7F95CB5104ED666E7472.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\499D76B176461042818BCE46AFC95A6363DBB64D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AF14D1B076BD560B3EB18571E5414EAFBB2FDFDC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BE79DC0D574DC5652EEC6DF681290C7B40390670.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A039158C4B1620D8D67847AA791923919AD769D6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6C65740F8D8012581E532655D39B86C5803AD2F0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\59CBC67EC14CE926939FBE731801092B8D9C951D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C18B43475C26C9A41D51ADB478E131AE17B82494.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8265F7BE14445E5E98FEF9B3DC2BCF3794B9376F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\56DD07784813E77D781D00D8532D6FC29379110F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\60DC701285FD853C8549F09D66AAD3F26C980EBD.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\I813L01N\AAA6jgMAAAAAAAIAAwAAAAAA5fhqDiMBAAAAAAAAAAAzjpYEOd0.AAAA8FKBnyoAAABgAuRpAAAAAEABkNkqAAAAGPJRlioAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250077374
Hidden: file C:\WINDOWS\system32\srvikmov\BA06F0EDABA2FA06E812B49CD7B648AEBA14D753.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\371AF37ECC6AF77DC2E737BAC4D3368A76AED357.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CBCEB28C0BA1E29E7A6713A71ACD5CCB6714FD53.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\13DE332AC255254E7E07EF34DCF963B8B6A46C69.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8BAB0ECFF59D57668A04B02C08192FED1725A345.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\95763CCEC1EF272A29804D89EF35CAA633F7BAF5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5A11991F703406237E3BC7C750666A767D5B2E77.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\89CEF305EBDBCD45816EA76DD77EDDA3DA3CDC5A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\370A0CA6D33F6F91324E2FF716127AD527E6B02C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8C79362C378D2A1EEDB45D08F16E9D427BD1548E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4716CE46C0B6FE61CC48EF54F3CADF8E01D15D46.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4CBCB6028B9E6412A0925C4F234455EF2E959AB3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F12A9CF44493C4E056536B340BDC8564481FB24D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\25A11F67FECF7D252C2180676F22D2A403C565AB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\35939E34B9C6895D80A0EC85C3C84B208BDF8C31.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E3A71C67CC622F5D8F40527D35B2E93376CBCF48.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\662FE15FD765691E8CD4DE5FF280AB7C81D601EF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\17FCFB9C4350C77742B4CE9D0854392C22640F03.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A77FE553BB3BF6483F8D50503384F47D99A85944.vmp
Hidden: file C:\WINDOWS\system32\tblevmid.dll
Hidden: file C:\WINDOWS\system32\srvikmov\8DACF83CD67DA490D6AA0F98AA79611B8CAC274D.vmp
Hidden: file C:\WINDOWS\system32\UACayleeaopfo.dll
Hidden: file C:\WINDOWS\system32\srvikmov\42177DB238D63E90DAB2F5A2D4789418D5350AC2.vmp
Hidden: file C:\WINDOWS\system32\SKYNEThobtghqb.dat
Hidden: file C:\WINDOWS\system32\srvikmov\7030F5D89225D489CC5B9131839EB5F153FF2BC7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F2D8F4639FE97BAD2DE31614C62B004CC6B39AEF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F00D599588545296CD3D60722250F1CA407D8DC3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\93217CA9C0890B911069EDE511D46920884AF9FA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\083139F383BF23112930403244B8B88FE9B3B50C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F3840FA4BC47DDD1BD9B0576920DED69061A78F4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\ECF8D53D12CB6F387E227E74495FD7C24E9C7923.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A95C370E8B8AA4021FF675A3215DFC7BA1076EE8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2BD9784712E3A156773C7C0CDB3BD912D8AA73E1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A17349547A336AFAC6CB2A32B4A11179D5EF6803.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\67919F18D254CE5E75B6DDD967A3A1473B16E1C4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F5466A41F647E3E5B2E2FD7B9CEE33B6576EDA05.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9B40ACFA7774B2CE172C807CFBF0A8936E618F9E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8A01336DB4EED9FD36A44061F56288BF2ECC137B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C6E0A95A962E66943CB064A38F4057090AA1D04A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\80AEEFDA86987FA5C3D8878B9DB262E5027CBF1D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5061B610F687CB563205F09D539FF72EA555E302.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\ACECEAA3C9E0FE508614CA70F141063AC1D84E5A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6B52AB82B779AB69B304FD8D407282F4086B28DD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\70317CAC509F04C63A082FA6797B7F966E8BF87C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\128CC981036EE2FBAE61D49DBC5188963DD39F61.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\19DB53DE0CF6761C976EAEEED15E298E0C8FF118.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BE31808795AE4F74E12B02C933A3F9D8E50BAF6F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1C20468A8E4CF8CC22BB67FD87B5C3A7199AB3D8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\14BD25B37F838DC10767813591C7F562BA1A7350.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4804C82F2C0C195DEFEE1EFCF17AAF3E3EF26DEB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EE457FBFE2B9E2B054A2D21F7F8056D0453CB217.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D26AA581904F364BB56CAA0256AB7D16F831FC24.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\70D4FB4D690035C95DA726ED32C35FB45F8A7DE0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BDC33821F48D1D7913B0B2343266C4D8B7187A85.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E3EB01220FE470D67C68BE1B08B81E5D272A9621.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\48928907074F4220E1917748263130F176B3DA86.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AA5A23AC7E92C57630E49E2F1F34BA293B68B927.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DB613ADB97B31057D5A28EA56404D8E1BC99F333.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5D94E23764C93E91182B826DC31EC0B0FBF82C44.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CA351ED8554C3A0DF2B15DF5B041EEC653BF84A6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\418E30FDD1983726B49AC964EF9F0EB48A0A59C3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\47E26E93E26F65405718D0501BF6AB5527CB8E06.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AA50048CE69F54D6D036AB3555184DE222D4A49D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5D789559A0356D54A7CB7D7954350D91CF63F4D4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3290A3A9ECDCAAA01B93F3CFB83689A7050D39F8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3E3D1719798923ED128D6D3B47CC11A449CC0B56.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D553470D9B0D6DE47E18142B4C56BC63B9841551.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2EEC475F62023FD3FBCD36DC94BC2CD61D1DC00E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2A96D70C7BACB0F855F21A0A81503B0FF2E157D5.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\temp\UAC2bad.tmp
Hidden: file C:\WINDOWS\system32\srvikmov\7A81684DEDFDC3D349FD30BE023BF950BFD38CE3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C72F7EF7D246CF073AB6CA26BDEB9342AD63C29B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6BCBE0530C38528BC126F6ACEF8CD307D9F2CAA6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DADCAA21B6858994921738F54E92411C78482C79.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D987272730F68167110B5BAEC344ADE4E4ED8D83.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B8EB4B557784310FE7CD865318BB683CA6794D13.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1341579DA766B3E3883FF02A6C1DDB7884EE5E98.vmp
Hidden: file C:\WINDOWS\system32\drivers\UACmliiplnxxg.sys
Hidden: file C:\WINDOWS\system32\srvikmov\80BAAF450904F27C98152E686FF16B5583F73505.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B942A05B40D3DCF8582987E43CCF04242BD7B615.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\ED0CFA159470F545DD9CBFEE2D8ED4432336F608.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B85D6749B994075E2C996A3F30C8655FC05AF6A2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\41CBEF732E3E67E34BFD63D6263C00DBE0AA156D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D4985551464AF6A0F7BBBBEE3AEBA7B143084189.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EE86DEAA641C60E0852D9F0BDB3357FE26CE5202.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\18EBACF918AE0A566BA39FF647FB5140C707E454.vmp
Hidden: file C:\WINDOWS\system32\UACdobugqsdgy.dll
Hidden: file C:\WINDOWS\system32\srvikmov\786E8D527A177992DB1B3C29A6799534FE005EDC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A1A7DD537997CDF5F1E7D66ED50EF9BEAA815B89.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7B0C42AEE7E7F4FC19032C548DE5B73E809BF031.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F2910B29C7ABA0F88DB0CC9E6FF26DDBB65C9AB3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7EB30002A290AC9BCE48230F22E5410FC9672C9C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A4A437D4A8291633ABE63B02E9F18566FBD6FA44.vmp
Hidden: file C:\WINDOWS\system32\uacinit.dll
Hidden: file C:\WINDOWS\system32\srvikmov\82EF66CE70048244C59224C469BC33A556AFD35F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B1C468AB607CD097A9EC5A6B600603EB2921772D.vmp
Hidden: file C:\WINDOWS\system32\UACrwclfsjxfm.dat
Hidden: file C:\WINDOWS\system32\srvikmov\EDC3AC90C0A94172C4C09F3803A8BC6521C6E9D9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8CF56623A34C70D1B6D9AB6A144F07B60C6B6DC7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\45D5ACA98C4AC0D6FC4FE11957EB8036D2B609E4.vmp
Hidden: file C:\WINDOWS\system32\UACpevtaldawr.db
Hidden: file C:\WINDOWS\system32\srvikmov\5ABD9A09BBC83CE67B1AF9379F37EEA00CC8DCFD.vmp
Hidden: file C:\WINDOWS\system32\UACiogaudgmbl.dll
Hidden: file C:\WINDOWS\system32\UACjtthedqndq.dll
Hidden: file C:\WINDOWS\system32\srvikmov\D146318A60A5A3302D0C78298F4D1326DDBAA2E3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\73C3BC2F2526B93C471B56EBF10577127A0388AF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B541E4E504CB96D732E029DC8DC20A05D9EA22AA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9D4092EC9C601379FCBD6EA7D911A973A53E6B51.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F47F3530AA0BCBEA06316FBB6CCB42736F796F2A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F6965BE1EBF213919B5BB676FC80D44F09EDF792.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C4C38C76700578F9F42D6B6D41909CDF790975C5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DD30BAA3404BD04D06F4F16836BB629DFE30C5E8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0750313F2014B0D9A00A57A127443BB6B2D537DB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2D3683110C9DCCD0CE4F13F42D456FE000D53B41.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B8903E80817C8625B50E6D8FCBCDC67F1D17BD46.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E9FFB188AC2EB0935B00D39DB0CF66895A56B81E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C3B475CB345988472E4084A1D3AE6C1F39AD403B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\02DE94C9DAA65D27A7EBA898BCB7B21020B2C415.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2CF2A73BE76C3F7D40557DD2EBAA6812B15097FA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3D9A6AB1D4812CB864B95B9D41ABFBB7C4EEC5FF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E75368F86D98FAE01EB0CB04C0FF99DB84A214E3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2AE3492ED83F1950ACE11821CB2979BADD9A77F3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\828709BE975F5E298529E2FF9611086A529B098C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\ED271943C1E1B6087D56BD0F8925B05F5BE1F93F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\435FA7D4531781C0829E5633DC1176E605AF1C06.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\83FE179D8BA60B62C44C9F7DBB6D87A970EC378D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\654938E92FB46C2CAE13D10600BD03920AA56F6C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\19B25942C4548CE21DE181CB266B7E6A176487E4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\17D1071CAAA9A20856A84E8BF37FFF4E2DCD342F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BC8B43C457DA2801F783203D00249188D039AE67.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7EEECE4DBA892BD04BB200A4492163D8B34B782E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3361442BF45DD4C36D47E36D37348BFBD82CB39F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\55215EA3892C675A4A3E25C9289B29A1B82D170F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FCF9CF012F8B3F0699E7CCAAAB4E9E7EFBE46BB4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BA8EBD67B60C8D9084E0731AB7D5F09BBAEAEF2F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2F03FBC816CF0ED02F698E76092014ADF41D9FA1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1D188DF806CFEE9C21FEB0A26ADAE78E06F31AF9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\40DAEDAA4565EC4CEB9D09D03479FBCD5A581C5C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\42754E036167A61CBB97C5F97D19C318B28CAC02.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0A26420AC07A7047DC5E34BE7823F843D7948361.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D9208F1BD0C858E1D5D79D013CD79BE14AB326E0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5FD962520F90A5E8618C0C3EB24967F6B3125828.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2F0A2CB4A34A7E068DEE252F609B2EDCE431A8F5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F3CCCD78F9338CD789D61EFF05DBE02603FB184F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\92BBA9CA805C1F516BE3F8ED1C2CEA01CBB7AFDE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4288F8A04B113C6ADC4CC8206315FFAE5C7DBB2A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C0E4B27664078582643AFE54546F011384A20EE9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\ACCF329D8C3DDDDAD66FACC7CC5A6EE551F8AC9B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1E8A40254762AC97ACB3EF2CF3024FBD317FB875.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5C0816E84AE9F8BEED5FE9AF07CDAF76FC07910D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0FCA3166BF58EF8452ED2F782F353AB4CDF112A7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\706BB2DAC8B9F7F5FA8B30EC896DB0F7658DE0EF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\68C2B3A2B16A44B43C34CD4021002E3F6A0E0FC3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\547DC77FF2D3051AC0C8F24837DB7615AE6839F3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\765BF3140696E12675F9468B18E4022A59B071B4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CFCA9C6A2DD737AFAF19D825D6EAB7E72D2BE0EF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9B91DA8AC299701B009EA51B2F3209F2DDC97E5E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AC499D61E36FF5EC3EBC200CB1355E0C1F748CB1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\572F7ADE1F2EBA8F57723B06107647F9AEC9F0B0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\34EF6A45A2495C606CA67743F47F3727CEDD5678.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7C2413871558E13A82B75633E63423A6DFB2CD0B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1B4E9A90B3C56AFB1BABEDDB98D6BCDB4B884DF0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\42BCBE2332E0B4E8F1982E95752679E2F993C702.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D07872BCFD23A9700D49F1502D7E5EF55E83A50D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B6CD1EAF6BE9316AEA40C36772CE8BD7BDD35A35.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D476F634E273BB826FBE4AD42C1F36575FBFA53A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\33D2F2A5FD68728B50534DCA317289C6C1A242FF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\72ADBC7CDD320DEB1D9F7EE8E426C7E9FC9947AB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\49A51B914FC0FEB3E98D73761056F8D2ABB24931.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6E8C29A3D4398A5FB9F2BF184E2A2826B99FF6E5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D47C95D3930C64743874BE24969E0FDDF77DBFB9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C5E541883D6FBAF113A7FF9B21384EF6A7799680.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9DD0733EBE44562CDF4B11D97B9156BD427B705A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C0B4F211EF1B983691C14C04945A9ADC2D1323ED.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\543159ABFA27CA9A4110D5E2FD5170FD511B856B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AA1852F9BB54CE530BD3FB3B372D8CE325865138.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5AC05F6FC74531E871A93FE7C267DD07932389D3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\26B1829E3D09B7270311BFFADCF4074B409E3887.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\97FEE97A70F7C410C82651EF80B6709C9A18BACD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5D610ADF047056E6BA1F9D8CFB359354007F8B5B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F7B4F324A8FE111853939A2FC941FC7E182FC8ED.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0B0A6A4D165C18D38EC6B23DB8C21B7EF403FA84.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1B1844890D6C4F9BDD6905A7115168F30CDC9C3F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B824D30475D99E180030383CB3FC5EC37F7682E9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5AAF3B6E6D685FB5F6A7A8016DB0FDC388F71696.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FFB4A269B81BFB061BAFE418AFDD326FD7084EE7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CD2ADB4FB0B332650D1F231C05998F3194FACF07.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\71ED5E672CCCB1F8D2F3F3A41F949FEECA7D5584.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A335B5FC4D0A5AC4F1430D95503AC195B3F03960.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C993609FBF3D34810BCB3895A25D63505DC4DEA7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F6689EE142AA307A4C5A662FAB40FB64EC35FB8A.vmp
Hidden: file C:\WINDOWS\Temp\UAC2570.tmp
Hidden: file C:\WINDOWS\system32\srvikmov\5C5C339D81893C42FBE06289191074C49AE836AB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\965937B4B71C09107344C12B27CDA8CF24FE5EC4.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\0QMNUXXF\AAAAAAAAQDgUAAAAAAAIAAwAAAAAArBNvDiMBAAAAAAAAAGU2NzFjZTFlLTg3MzUtMTFkZS1iOGFlLTAwMWU2ODQ5ZjVhNQBTrCoAAAA=,,http%3A%2F%2Fad.bannerconnect[1].net%2F,;ord=1250077643
Hidden: file C:\WINDOWS\system32\srvikmov\BD36DE646450F554EFA0376EBABC67251006C7AD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BAF4E5E8E2F167BD8DCC51B2D0F1807FB3C1F34D.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\7E8XLCCJ\AAInAQAAAAAAAIAAwAAAAAAGYFvDiMBAAAAAQAAAGY3MjQ0NThlLTg3MzUtMTFkZS1hNTExLTAwMWU2ODQ5ZjM0MQCFoioAAAA=ibBOAA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250077671
Hidden: file C:\WINDOWS\system32\srvikmov\D7E0D9F46F26B9291CAFD5A4E7AED147057966F3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\37F51B35473B988EDBF16412FE5CBE478FB73EE1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F59124AD64DE522FF164904D97597E9A54E4F43C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0D5B2C9B04C407824B9BE7F9DAA77EDA595DA508.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2BF80F5533AC83B144D1C2B35A8A6E142D95B9F9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\14A98C54767B7BA70BBDAC04CDB54C4AAC42CE98.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\09E28D93773596C7C4E7AECAE36959DAD570AD28.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\60C0FA0CEC0DBDDD1AADA08B8B699DBE86867B12.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D12CB5BC8440C494CA650DD81A1134D7F51D890C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\97963630A97E005281AF4FDE6EEE216764854239.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F9AA74969A7DC28DB981D38C8079D0296B036B2C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CD50D9C914A67687023D43408566D35C30BA8A9E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\260118CEE22CD9B91840CF61944DA9CD7FC06871.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B9CB7491BEA0D5DB5E72D08E09E66E1476395E45.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6EAF6AF7856C82EED3E6A4E22E88AFE95DC468B4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6578442096200788C94D46BCB6F7E69EEE5D1562.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6A71ADD4FA4C33907A1EA4315DD740A8B0F6F8DB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\97D145124757CDEC4EB50F38B7E1BC8F7732EEBA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\44BF3A729F722C38476B9097A4DB5AF1DF1F55B1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8630FD8038A257FBE5CF01C186A130983649FAF2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\459B6148E99DE322551F15A237E536C3E0DE86F2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B5AA044A8030CAC74FEED36451CCD2B6541F42DD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\10DBED31DBF9932673F7662D71A947CF1E7BE2F3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CA68583A6FC6DA7B06232A4EB1C50BBB90F09EB7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9DCF8E1530E96AD12F247E0444CEA90A969D64C2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8D8F167FAFA1ADC6CA3027BCFC934343B9D0A7EA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8CF7DE9AE775BBFD3D9FCFF4B2BD4F9AABDD4757.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FB066F1EA1F444BC22D7313B49BAEC7E695221B1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\77EDAB410FDF86ABE09CEDB100249BAB41ABE3BA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\02968216139EF27704C86706792162400D76EAB3.vmp
Hidden: file C:\WINDOWS\system32\3dokcan.dll
Hidden: file C:\WINDOWS\system32\extiww32.dll
Hidden: file C:\WINDOWS\system32\imgorpop.dll
Hidden: file C:\WINDOWS\system32\errevmat.exe
Hidden: file C:\WINDOWS\system32\kerohsec.dll
Hidden: file C:\WINDOWS\system32\srvikmov\49D9A2842110D441C827C89FFFAD54451CBA335C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7CE139583E5F081C00E08DC274369C4F4D12581D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DA9F8A478B1361C9877F6B9AFF21FD583C2D76D3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EF00966CD9670D1DACEE6E1B89198746E27382E0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\81D6735A65AB9B613221CB08FC7B6B0BDAB484D8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\088CCBAD2A5284A2DE2BB334D667AFC8D41F3841.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CC40B8C569ACE5CE9C897886D0157812A6468FEC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D004D6E359F446E5F93AED43FA24289035603F83.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D15989DE3BEEDF1D75797A249FBC6C5F8F49C274.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BA7BC9AC911B66A092E374995F886A71C014545A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EAD2990340B74626CABA2575F2D1A9EC5BC7D73A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9D30D12DEBA4A9B75F719579D9707F0A4ED0F458.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3923E5316AC490D203C07C05AB302485DEF49297.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B4E80ED467841039B5D7C3D44358AB959F6EFBF6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A855FE727D1F38A38AF91E9CDF0C739E280F55F0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B1146C194E39ED668092A971BC343265E4E3D614.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6523A3B5E59CD56C3A4FEC7167CE470AA26E9280.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5178530CB5D9B37CF4BA8928A4889F278E12CFB4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\09B5A8EE617B47379EF201E44DB01CF1AEDD3B90.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1E3758914608D3CB948677535CB2DDDC45A573CF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D695F60DB37B5F4A548D4379582581A1C176C412.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E8C3762A824DF2FF490CE1A15288A75ADE8D07F7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D081835C314DFE53E16B1DDB77A8EE732F417D43.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B986C1CD97AB8FC071F50E66E0CC6EB61A787922.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B6777291D2B2ADD52EA7673C64DD17ACC40FE58B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\482A5135EFA4C585BAE5E668E25923E627FBF4A8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\216F01B29420468E25B6CECEDC6258BC6C333D82.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4D7EE0430917C5E96E03851CD53F9C5AEAA8905A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0352E7C114B28A9385D78A66C87BAF8A8F1880A1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F73241C0ECD2C13BC7AC34A47094D98AD1B62680.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8EEB32AB1EF0563D453B487F4B31F407546030F7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\142172625E64BC9705B9D1DA8F3F2E1F03655CF5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\93A579986C44E0C32A04F6008A604FA1D03ED711.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9A542B26B430D115A0C49C28807D2CABDD4072FE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1232507D1EB346D4184471A5460229E06B9CC728.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DF1181E6437B4DBBF65BEFFB77DF342592A151A9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\05D3BEB992EA4B6C6ED10728587B4E5363B676C2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7BAE19C08B1C7DAB1AB9D245343CC0F41AA18710.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5278CAF44604B03FE65D717C834E3D89EBB82CD0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7E20BDC4ABEB53081831890E2051382610D381D9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\370467CC1CBB9E265371BC3FB643C1B75F1A2AB8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6832AAF933BF64BEE6D9E2BF7F35EAE80D5A98E5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2ED9E3E70A3F7EAE18563FD362D4FDC63A0FF7C6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\40F33F197F10D09B1514118D112AFE9F9B2FE763.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3B764B0682FAAE9FC205110D82CBD38B051B9C69.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\51D630A6BE6253DA527B7A10F55BEC38ADD6E289.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1F27E01D2FF525DB7A7E0CD1F81716BDCF8E99AB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A30876DD9B48D16CB0427992954DAF7FACD20789.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\35DAE660AF90FC1DF0F960AE90882AA985AD715F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CA3624E67A067FB8505BF4084334B7889386E737.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9DA237C2EF363E56284E128CCD85EE95FDC45817.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6F87533874D39C28C7975A5144CD46E3ECCC5C78.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\25B2F9F1C88CFCE7F20112679269FDD65E0E5CA3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2EC43C4B45BCF6430F705DD295122FCA2F1366A4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C25DB3AABCEDE269A1171D0ED6D5C952FC79E925.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\13F0AB5AB14B8011EDF5030B4E139B5709F370AE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0148282F5729A429236B31DDBA7764E6F6709A17.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\29D98084B1A889107FBEED8E089808916B300BF7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\79692EF4288779F2490B421822D155B5DD6C3BF9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C6902B38DFA6812EA967D072FCD34445D2D54718.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\074F67D3634376F66C3632B45171F510C480321E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8136ADEBED7BE10A5D2158656692889759D3C646.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9FCCDBC44E4940B6F912610E1B9574DFB8B5D007.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7C2FEEAE898F85B41C9FCF6D85F5F861B1A72BFD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0EEC181413BCA2002979E836DA52CC80E7B95615.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4862530D2A1E157D0C76B7C71377F28211AD1D29.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\409012BB73B91712ABE2C588FA7A537DE7857787.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B346386C8EC5260E1988D3AF527C75F56C9FFD7E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E50A5FAED9525231787E6E89082CD92DFD75CA06.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B337B78EF9277C959607BE749C8DDF2C7E996036.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1533B08234D02117F9B62C947BB00C36C8E2C84A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E7F36D9A997CF52FCEFE1C5FA3881D6DEF44414E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5867E857FD6074F35068CE06002F51ECC9552D21.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3E946F0F30C60A82DE6DAFC7D32360844AED05B7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1D05290F6F677BB854574E86D2E54DF55EE0C61F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\814584BF6C2140E7E9C417EBDE3488EC74B2F4B7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1F58965846DBE894FCF36057CD93014C83701C91.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8869A5CF16D01872D091957AD1703574F0CA5AED.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3BB983B62CD4701DF6E83FD0856B73088876988B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6DD4F1A8EB0384B53DFBAD31739AD3237DB42F58.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\86A7584CDCE12AB1C8E3A24690C2738725A68E6D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0D728912833117260BAC63A58D823E320033FCB9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2E351FB262BD687A21A9A5B3CE8849C3CB291A75.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\899C67E80D734A6C4DE13764D3793C85DA01228E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DF8F61B9D93B442D67B57A8853CE693AF3F952FF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5BC23FC0DE2F45E3DFF63236E7A287B6C10F2DAF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E5A7E097622CC042652136132B89FAA4000CDE94.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3D5E74FF0054C39D7EFD8E9A7CDAF4E048351AA1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\30C3DD20CB491086FEF92BF67728F01F49B326CE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D75A65B263890A210966E954BAF2F8E561A84FF4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\38D7419B634F3A980B5C137D850EAE9496D4B7E1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F47E0949F59514A0B1E17DDC8B975B284ADD038E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FB90E7F26CC6A514F8C7871C00FB77680E25187B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\00FF246F3B376A5023EDD56E6231B1D93D44232F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3285ABEA10E06B8FF4CC17AE9CF39787A9B1A648.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\88DC23A5C8AC474B208778B9C5C79478327643C6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B69527C211AEA3FD16A8C99F9AAEDA0EE5B97F0A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\32B4517C054DCE35F7D7FB4394A81B9FED1108A7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\16A82FCEE35B426A256E1D0758B1F5FAB0ED6855.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7884F1E97AF2051FAE25E4B325F1804B33B0581B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\174B22C990F2FD86F9E6794815E01644D4A8D10F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0284A39273367EE110614F897F4A518EB2AC192C.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\B8PP940Z\2=0;a3=0;a4=0;a5=0;a6=0;a7=0;a9=0;a11=0;a13=0;a15=0;a18=0;spon=0;sens=0;m=0;mage=0;area=nm_homepage;gcat=;gid=0;2omk=;tier=high;sz=728x90;tile=1;ord=200361379[1]
Hidden: file C:\WINDOWS\system32\srvikmov\1BC4EABF7DD32399442B5C0D9B228EB6A533CEEF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\93EDBB124727247B7748C3BD158A8588BB698CB1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9A12D4001A1F7111BC1F1AA8BCDABA6C46CC42C1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\ABFE712A90E4A3C34190B90C63A90043EBC07D05.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D25FA276D2A8D6DDC70CE888EDAFC6AC3F24D9BF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\851159438152C1657D28F04D5683F0C7BC5B48FC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6B487BDEF7AD4F9E55458BDA27E2BDB00FC654EA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B0E2062F5C3E507367DA2830ED569A69675ED231.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CB5B917C4A915B26825D90F6A15B8A0990DC2731.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C1518527277349C8114E5A794EEF40C44CB57AA8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\010EF09D9809D2627C169D92E3AB3EE7FCB33A62.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\32A48E0B928C24E0EAF0A39925CB0E49BE172731.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6F449C05CF921B05DCCBB784BAE04B484D9633E3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4B02C15E9E46B49884C5CE3489570F61F7149B77.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D4105B45C604CD79B50929F4431C7EDED223EA42.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\36AC94F391AA6C5027D47508E7D409C83A8F53D2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\48CD6A603E209ECC6ECE9C97C755D7DD2B52E21B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D52A14D2718345F79BDFEAE9D48D434013FD93D4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\39C042A500A7C5C742FEC86E94F89E077218CA61.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\96143380A658E6202DFD85F0D8E69C7FA6B30472.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E7DB59CCC267BF402B4CF8096B5F33F12CA6BC1C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D0B61079D66F581A6856AF2E498884F251FC5981.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\Q4KRMISG\AAJnAQAAAAAAAIAAwAAAAAAFih1DiMBAAAAAQAAAGQzZWY0MDU0LTg3MzYtMTFkZS05YjU4LTAwMWU2ODQ5ZWZkOQB8rioAAAA=YXA-AA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250078042
Hidden: file C:\WINDOWS\system32\srvikmov\82B2D43B23B28C5DF7BD1F79363596DF4F971881.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DE359BE6A5EF67B08CA39456194BD7723CC1F132.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F7CEAE4291D1B0031D2412239CC7897407B78E65.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9FE76A02EA61A038F97E2C2F11ACB6EAC2248F8D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\82E7A3479AB1379DEA2410A06A6898631342FCFF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6B25AEFD7DD14E944ADE6B6D38DB8669D6900DD1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7EFB77B7466DB0A729FDE65ABBB627C045A1780C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\476D49222FF3194CB2DD289953C2B0625BD1B087.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F46A3E8D7E31D34BAB094D5556E486A35114D300.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\97FDA016C817A4BB879DBF8030BCF110EB91B134.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3506CB47612AC1E679051E36420CDF3BFEBDE4D2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\71513CE3AAA0BDD0DB950BA8880A522BACCEDBF8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\43F6249D87D6F08D05787B2B5D0C9CC841F49FE9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\88343FF2A80E9B5D44447C2BCDD522AEA4332FE5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DF578FBC9A33BE5CBB708C758FB53B787EC2A418.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FD2CDF229B7E81B20605C01F8DE23808F57C9E53.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\552777A1D648F08E2431699C63DFA841E0587355.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BC7B35E293AEC970497750BAD5C022D47EE1B2F0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FFB7D08CF4741D62FBB13DF4A8EC4627A47592F1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7D3DC9C8BBBA83DA906721FBCE8D574122F7B55B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B523A795850DAADB9E9D9FE42A9A600B43F49533.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5DC1A375D197B77BA05B2B6CA6311219EAFD2A93.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A4A530DDFD6C34BCA2E6EFB868021DC920FD0C25.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\337C26FD5FFCEE793D8EE046223602E7DFBCC7D7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5DC0457CE20B54A74FB628ECE33F8A4DB320C2FE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E0B1BB63951625218A7679C6F196EF0FFB815FF5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\52A9A4B3676B6371777589427069D696E4AD7B1D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DBADA7C48A99610C8ABDFFD291680E66C3D76035.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\98E58BF4CB85FB1108E8E49BDF0AB287E0351103.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8898050F8220DCA230C6CDAB566E2303DCA74BD7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C4851511EE8251D9C1BBA2642EE7258F422B54BE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\41099E863864F37341AD1FF9A99B95E23AEC20A8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\243CF35F546761F74D4B8B414FA9B92D4A14E403.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C63DB28CB9B1AC174FAA7C79FA7ED60484BEEF1F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BF59490E9077E9373FDD5C70938D3AD64C8786FF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D9B725C3D4DDC6C711151B2127711E1D62140E42.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DFDCA4C7D7A010558A429278145DDB12158C862D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B8717E5B5FA51585193483458A22A07A1FB1788B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9F02139F745A70DE450BDBDA21F68347A64E5747.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B8DA315EC27CD62C03475C823AFF07CBAD82A438.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\160D0912D37C0CD62C7011D4384C2B3459FFF0C4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\271244B5113BBAAA3E49927099730F666BDE9757.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\42686A913FAF035D0BC947E5DDB641BE18CC3345.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FF33002B0BFEAC8D0679CC102AD2A09E33A85312.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\298F26546C80EB532BF2B3668EF3D1DECD1BB57D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\11D975A7D64EA00ADCF953485DC1C2CB38853D23.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FBACE0FD029BAFDF5E35231910A13CF67582C4D9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9AA1C1AE615BDE1FC573B76A976E52A9079861DE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AEDF1F7DE1606BA0FDC0D551E07B8B6F8B3CF77F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\87FA052BA44042B9D2216917DF79757B75B624AF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9DCF955A233688FF10CB72AB0CBEEDFBCA51F95D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4DFAF989314CA7E4BCE66F02592BC49E12E8B08D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\74CB7D3B17B440C00ADB3299AA4B11C1C50E93E8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\92106361EE2AE9AC838A5CD071C18C243B4089F9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\616575880F09D28A1BFEFDB3C7DC7A9014525FAA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\878F1ADC41B609BD538C25B264CAE48385F1F25F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\968EBA4EEC469FDB2C2D2F1DF8271C83D64FE367.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A46ED94EBAFE4A2ACCA54922FAD560E765780086.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9C107C4E8A596FA98DE977DE25717CA6808C7C01.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A797FD17C00A0084D5A3FF99E025B6C43D00BE12.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\77A2F203305C501FBE243893D1A87A64EEE900F3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A7EDC3F333BD035B949E59D896C6D379CFFFB1F8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\203EBD6043D1BC3AD577F397B999DC642C1F7FDF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CC9EA58229BB17BE1EC58084479B394A9EA72D67.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A3DC9F1736842A7B4D0A3FA2A2762A143FAE8B6F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B66A962352174DCBC38AEEBA1E071D2654F01055.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EF46995D78697009ED868EC92B2A4D825A13010F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9B12185C99B270C2CF14F6C4AC81907F32DACE44.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\875F1DD4D20DAF939252B25E30AC07BD244364C2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\037A6F30AF75834FEE7D54B4E60FC6D2A8677FE8.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\RL19GU87\AAAAAAAQDgUAAAAAAAIAAwAAAAAAXe2EDiMBAAAAAAAAADNiZjk1ZDg2LTg3MzktMTFkZS05NDkzLTAwMWU2ODU3MzNhZACQ4CoAAAA=,,http%3A%2F%2Fbollywoodondemand[1].com%2F,;ord=1250079075
Hidden: file C:\WINDOWS\system32\srvikmov\6691C2500C5EC6A3C1E684A0E95A4ACB7A5310BB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C2CAB258235046F4026B54EBDA14983D5258602F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\40770402244889A07D74B3A7238DB0605B23A0D4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B7B44282800B585131EB86A8FA033E9A7B100CE9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\27694F47A85E44F75C14D6BB26C7C77F6AF1AEE4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E9D0265F28C4CD8E8EFEA2DEADBDD9D664F80A7E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3C0C6546343622516FD14FADA7B4F15043E29CE8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\616E4E45CAC59E3F5B615A5ECA696D0667F83097.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4250478E6ECF10A9F0558B14EBFE2D3FCE19DC8B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FFCD3BF7800B48D49A0EAB739D3EDCB6389370F7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F4F91F0F6F97F1368336682FB7CBAA01E16244C5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\977D4380A59DE388FC1DF1450F2B89CB4854C861.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6798E1A4A5742A385F1BBFEC55E06F0E8EB57294.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A4382788BBA7EA16A60A7FB0841A1F4506F438B7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\75DC098E71C67AFEE726180A52B7999E0C5F044C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EC49665572951582AA25DF3870179D4DC5AD180A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7DA4644CE9838C21A40635A8E5E91CE6F57F8B0E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\91588F622F89DDC1011C21063B1101FF85B57FCE.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\5FQHXOHE\AAJnAQAAAAAAAIAAwAAAAAAdpt.DiMBAAAAAQAAADZjMmEwM2U0LTg3MzgtMTFkZS1hN2YxLTAwMzA0ODYzNDg1MgAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250078727
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\R2L1FMCN\AAJnAQAAAAAAAIAAwAAAAAAZiqBDiMBAAAAAQAAAGE5MDk3ZGJjLTg3MzgtMTFkZS05MTk3LTAwMzA0ODYzNDhiNAAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250078829
Hidden: file C:\WINDOWS\system32\srvikmov\1FC7CDCE4ABBB43FFCB6FD13103809F39ADA84EA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2606FB7101249AB2CB4B252473131A933946B298.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6D5DC1121C3AC32FC1973505C1770B6CC98BD35A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\134BBCF20150C290E47FFAFDB0D40CCB57F7327A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\24B53948B34CAA572C8AD5218A0BD6428E5DC2B9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\28F8A5D7C1B5D81C18C10D124546EB90EADE7045.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\469C359FD6D849F4103263C161CCEB92A8FB0D08.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E52628251C0C25A2EC8E834B1389D505E6ABE626.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6591CE14DA553BFA9EC3DF94EA24401A07C3E8E1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F6177627991FD2A1CC3E789BAC6B2D478D86532C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\085D2AA88242C7D8D9EA8CAFAA65950836B3ECC9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\35C778889C1FB6B8929109C91A8A8F504F214A8E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8E6EA8799F65196D0AE2707E8CEB984D437B6002.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A9F686F47DE8BBD63FC0F88862898C2ABF7F37E9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9784C4389E624ED2405A02D04044915713BB8CFA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3D308B637CEF2D95805C514353BAFE79993C28A0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C10F3B3332D708EDEEFAEF4B394CA41A96D9C1E9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AB2897E3CDC738BC2CF126F9DBA8C613876E6493.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\42746721BD0A83DAEA186A4A589F45CA441CBC00.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0802D6C4DDA6B6F72490A7E22541C4F73A480064.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C1840168E3D542F1F21CD7E70B38AF7EC8E729DB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D1F98A5AB0C17D0D8AD416E4C913CC7977A66ED1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\20EE67722A126F0FF244A445A17AFB2C63426261.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EC0F66113B17A44B4BC9EFA29D27BEA6E7CE9935.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FCE436D42DDAC5B09F931EF3D7353786CEC87DA8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E8E28E436D9BAF7916D1C928201C7682FF5876A8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D9903E7AE514161A01E798AE3C895972BEF36E6B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3ACA321C1D23952E7B9AB7A28D2FB3FB10A07F14.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\799CF9B52F363864413B23DAC4661ED87434FC25.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\85D90425C17ED7E2744E153469967A4E6E326169.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\28629D58A8F97F9F391ED826EE46AA898E0D913E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C20EF4CD3D341B47F74C2134CCB815E529EB6F50.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C73C9390FF49454EC7E2D39FDF224F9F7D7527F0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\665E783285236B0683B2AF95405D9611A41E5821.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B0666958B379D95393337E49323B90FEEE6832A3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8B8E91BECA86D2AFB3F329B931EE4E328C2F700B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\124F6B53F217F5C438A243C968AAEB0E4C8F1531.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D86620339DF4606A06BF82442BDA67464B5E345B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\27479F6F2860E61E624991B60659E3C23672AFC1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DA057BFA98EAF361E8C60054CD7E2B0379DEDC75.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\03D050C94E843B7A3253D747D5EEE3EE369E20E9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0DEF879249BABEF767074E58D696277B22254A24.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2B98B964482900CFB210EEB23D07BEA7739C2B2C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B54B0A37FA0F01858DE7DC125C7192AF7EA4C1FC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\37700EFD78551D14F933B2B31DD5C2E9E8C9F091.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\EE9UCO9S\ADodQQAAAAAAAIAAwAAAAAAJnyJDiMBAAAAAQAAAGVlMDJkNDMwLTg3MzktMTFkZS1iZjRkLTAwMWIyNDkzNWU5OAB24yoAAAA=QWNIAA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250079374
Hidden: file C:\WINDOWS\system32\srvikmov\9725489693E1C7BC2724F5A3B80C85024126C095.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3022F175282F2CB6C478A3DF1703342D23E906C0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5E6F66DB6593200A202C80C36AC0B1888B531461.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\58CE3B9FFF1CE3F18F05A6699146C4F5B2F995D6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\64A9DE52E4EDC4A8FC991C689D86E2B4EEB628A6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0F7AF56E119C680E272032A263E8442A1BF47FDE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\814F686445D016118BE812E40815FC624E605DE6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\38D3DC308D7DB6D90628E5ECFDDB7DA5680C7969.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DD0A01D96DCAF514452FF2FBD766F23B9E26FC9E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4D3920CCEE8B2C96A8955846410C15244FF525BD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E2E85A611A22D3F65BCDF23E5F42C4F71809335B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\21B9E8F5E707FA4818163C79B44B71B258691585.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1D930EB4BDC2B0AC28DDC2E35ABA22259FBE5861.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2C119304210DCB8A58D68B8E03877034CE539EAE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\16361B0EDCA0921D5AFB124D62787869E2B18104.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D3E4B59F35F54915F5F7FAA9CBA1B3F7E4D724D7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\279B49C035134C033FE903ED12BA8996794F1A01.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\587C10331FCAC6C4D0C2EA783E35C9E8FC0FF152.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F2D2AAED2CF8797A73801CE482A4096C20387C1D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1001E891FBDDC8301D62973CD100B5D73C5D06C6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D276B1A19CDB8EECDDC099DA8EBFF6AA083B13BA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8594F43AEF0FA9C905A8B190D94727ACB9072AB1.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\6AUMLVF8\AAJnAQAAAAAAAIAAwAAAAAAm8KGDiMBAAAAAQAAADgzOTMyNGJhLTg3MzktMTFkZS1iMTRmLTAwMzA0ODYzMjgzNAAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250079195
Hidden: file C:\WINDOWS\system32\srvikmov\240467C11671C4D6CDF1D94BD974346CBE35760A.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\ROKWIFYI\AAAAAAIAAwAAAAAArvSgDiMBAAAAAQAAADgyZDcxZTYwLTg3M2QtMTFkZS1hM2RkLTAwMWIyNDkzNjFmYQAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250080912
Hidden: file C:\WINDOWS\system32\srvikmov\FDAA63A2C70E25A913B0C3B80521E69B5AD30EB0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\17CC6028BD4C1846B058785B5CEF25CFD4598E17.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\61AD6A03C5E4C4B220A15673D751D5917CBF1466.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5271700544D15515DCAF2D89F75A7EE60B350420.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3993461981CCBA062008143C0AA5C693E69399C6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7D55DA3FD71B2F7A18FB9201A7AB0647BEB9EBB7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AC516149FF4D0168B9257187B73AA865774E6EC6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5AD31C3778380985094AE65695E4CB9CA7EBB924.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6861E55EEA75ED7FCF8A5CBB42366F509116ED23.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\160C74D5A6900B43B567E999B511D0A7876634B5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\83A637FA44E1CAD3446BC96DECCA1FF52E382E9C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F06D8853789C3758DBDA025DD755A0FE63982BD1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A8642E93EAE683AAFF804F7938F7E980BCAB616D.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\R2L1FMCN\OTg4LTg3MzktMTFkZS05MWExLTAwMWU2ODQ5ZjRiOQAAAAAAAAA=,,http%3A%2F%2Fserved.antventure.com%2Fcreatives%2Fanswer.com%2Fdietfitness%2F160600ad[1].html,;ord=1250079386
Hidden: file C:\WINDOWS\system32\srvikmov\19AA6A40F6615DD8F94B59728F6BF04B3EBCEA0E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FBC0322F1410DD7EA7B9D2EF3A3383BAE5BE75F9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9A04FF23AE9AF6041DD0BBB9A7943C71E323CCE0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\16E0BA2F02AFC8008B0DE8CCF804A35139143898.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\29658F0EC78ACC8E5AE5EA26E2AED7BEE407F505.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FACFE7C5ACBF1550629B8FF5F015B4D4C443BED4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\064EC53B62EBBE895430668BF6374021E8770C71.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\33CEF6BC86CEAAB873FDB90D1F7E2CD039698DD3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0744708822B0624D1BE597BA88843CFB2E9C89CA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9F9E14597D84F1F0240EB1F317FC0E1055697AD0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\04717DBF7F7D88448F10BEB8C936C83F6695DC55.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5B5713C016D20B9DDABC9A7D4CC14DB3C3BFDEE9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\32A17783FA0FED150B3B916CB8D6314F4D2F0A84.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7881BF27273889DF8FB3D221A1913283C7C0D73B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8975745EC78F147666D4A5912AD67559E34A7CC8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\537CE5F1A19F4D96290EA761297D7070C6B6BF5E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DFAB8C748FEA9D8B7C4F111386D6A806424BE58A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\634A4FC672EFC8305770458CFC2013A91974545B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6B3436488A122111DCFC334857447981909DCCFD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\94B170CF6AEEA7EE87FD24000E4DFA70DD96C50C.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\YZC5MPWR\AAA6jgMAAAAAAAIAAwAAAAAAra-ODiMBAAAAAAAAAAAAAJYEKSw7AAAAIFMPnyoAAABgYqNjAAAAABhTD58qAAAAAAAAAAAAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250079715
Hidden: file C:\WINDOWS\system32\srvikmov\5503DC10667C8D929F69AC2EB333BD6BFA402595.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\TA3CF4HV\ycw3AAAAoPFspSoAAABgIiBDAAAAALgWQKYqAAAAGAIgtSsAAAA=,,http%3A%2F%2Fserved.antventure.com%2Fcreatives%2Fanswer.com%2Fdietfitness%2F300250ad[1].html,;ord=1250079738
Hidden: file C:\WINDOWS\system32\srvikmov\F33016B4474750C6BEDD4291B52F213EBA12BDBA.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\6AUMLVF8\news;adlocation=site_below_header;campaign=;page=category;kw=blinkx;pid=10;sz=728x90,728x91;dclu5=9b2b59d2985c88c;source=site;t=1;tile=1;ord=1132124478935637[1].2
Hidden: file C:\WINDOWS\system32\srvikmov\1692977540C76D53E6296A29C746CC7DB74CC953.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A2A3278369D69C83538CED8C5AA281BA72AD4762.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8133FB0B004FDED1B6CB955813AECD334EFC8E97.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6A2D2EF95CAD9A5A1EC6F5FA4F1176FB889E8EDA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6A94E32C6AC632F1B489FB30A105301CE15BA231.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7B4F67D4CF8824C7A87DBBEB5DC131696992E307.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3300013F9DF7D511F5171D65F97AA74BBBDCA283.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\32AA189BD91E6BEF325241AFD058965B40BFB574.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\610DA6321F11F2514742436322C1509A21342C3F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A1C5FCC4DBE941DBBBE2B3195148CEF249F021E9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\62448BA1F6ED284124F6BEADD8B8389F62A51881.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\73F49A5BF49A667A893BA8141640F190F06697CE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\39E73AF8687F46F2E970D4FF4467A92B18EBDDC0.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\R2L1FMCN\AAAAAAAQDgUAAAAAAAIAAwAAAAAATOyTDiMBAAAAAAAAADg1YmY5ZDUyLTg3M2ItMTFkZS05ZjFlLTAwMWIyNDc4NGEwNgBEbgAAAAA=,,http%3A%2F%2Fbollywoodondemand[1].com%2F,;ord=1250080058
Hidden: file C:\WINDOWS\system32\srvikmov\E1C7F432CE2C3BDE8BAB07F645BDDEED198167FA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6EFA89108838712450FC9F6A04CC39E5A877DC9D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FF7A3CB98654DE28A26DE6AD7AEFD133A06A5E2B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\233C0BAF837FCD333536F2E9858B0F22BEA85725.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3F5AC650741C8022F399AD3DA373825E09F27769.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\22106099D91AE6FE2B3488939BF779E0223894D7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3B0E703C7F82F54CE7E4D692FFDA443E971FDDF3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4A1103FD4EF0F3E3A1377B9C5A57B86523482820.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DA15F5B2D7E3608F239231D3E2595C83DCF596DC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DFDE703BF95E7101355D5E77CFBD72943A6304BF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\266C29070AA98C493577A08B332FC69B0F34921A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\72FBB17714D951E1F5514B9199E75A153C99DA11.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8DC877A3D431D5DF196549B6E84592FE3BA4A5F7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5BCDEBE07B3CBD812C4B9A3BCA165D266C59FA86.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E3D3BBDF7CEDD3460A84CFC846EE8ED078F7FBCC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1524B1E774826670C8319E5BB9C55A070D0A5643.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E875813A73FE91BEDD5CF6C0461E0AB2735A5B91.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C8982FC027EFF69D9DA30D0CA9DA804B3CD68D4A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\98B3B9DA0E56B936D1BF8BB2C33DB62B72B7781E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\90F553060261C5EECBE77FBA70642BFCF7F965EA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6168F753ED8D91D32674877D30A4024A39D183DA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0231FC8102882826186F9E69BB1D8A590305E3CC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\726882B4E1D22858D6E75094DAE429B46AE062AC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\63094D6A3B0C7AC0257638FA8CF364A259659726.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BC4967E7CCCAD59F4508763673DB123B86FF6FC0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4B1FC077B92C2B08DF1EC4066E32845236EC49B1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6509D06DE25844C91740EA6D74D99007F6EE3D86.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\379C517DD5FC395C7CABEF517DA649ACE0977C5E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\00160290A5C152D3941B06C6E3E8CD82B0C56115.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BB4BD4BAC0205DBFB40277B55125DFB5A18E6012.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\88C496BE1A59E82A889A9E8E862D970B450CBA41.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4CB05FC5A81B6701041F44A8A078D75B19DBC8C5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3E22098789FC20A5AD9C1D9DAF31370A2920D9FB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\56D56EBDBA74F70FBDF61F7F80DF86D1FAE8956F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\422DBAD238B5450039F98C12C4929D04B9B12228.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\37C82B19242DB39FBABF1FF49AC7A67DA11907E5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C1DC340AF34AC6A2A94421B37C4F5297566C85FF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A0E1368727507B6D7ED0D473204E8CAC0F527E44.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1C1DFB90B8472F71A1BED556DE45F1C877C48DA0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A73453E0DD1AC61176E653D5EDD662AB2F898233.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AA40964FA15EF5F78BDA33AE739C81BFFC456360.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1B1FD633BB98BB43763841B5F3B44E992925218C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9C03D64F562D8D2C492622E5C00B2A62DB668D92.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B0DE5FFBEA227A0FA0B52C871D91816BEDD7FEC7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2369332B2BBDA7470D28ACC3D8AFFC71BAE4CBF5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9998568004B85B1AD822147555555DCC99BC0341.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E2368CB7CE48F437FFCF2972CBF3302519A0B27B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5B8FF70B7325BDF208681FAF458CB39ED22F1398.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4BAECED98E76B27D255CDF91C49E1F91C8E95EEA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C49BB0B16F24074E0BC840AB03858EAB8F7C3B49.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6025050C4A65C2C0DACFF561EF3A70A307836D9F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A5B90DD3E6B4301CE6DA492C5CBB4A84401E662B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0023FF315F8F3236036371E8F212505FFE30B528.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1616C19F5B5AFBCA3456E328E0E3E6B225C84A04.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F975A8DEEAD45ECA9910B69539707EA959BA7A97.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\04FCEF03D9E5E3E90A3854B892D49DFAC5FBB2DE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8669C2FBB4F2E3B197C8C1F475EE9F7225D76E64.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\96FD55B657AFB8EE05BDB5398D7E019F236CC52A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1C5A283AB71382A5D1625CEC83DD5640559C9FC3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B417C9D08D8CFB4BB39000AF843D563484222459.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9687963403308485686E74C432E3B0ECCB02DDB6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\68BF6ACD6692C8BED2ED87AA92292D498C2C5E76.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\86DF1C1E5C2064916366BDA79B7C8AD33136F6E5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\162D42524B9622EEEE3B2C2B3FF54F0241F3B18B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3ECABBB9D0D5F59435F3C8AF417C1440EE49EF4B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\38419355394A63A64305E4A45A04556307CAD7FB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8E45FED633F4159AB013E91B67C11ED6F47C8AE1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1CC1CC59CE9DDDAB6C911F1368ED46E9574F9EBC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\63E78578AECD9B1B736D30A34417B90307674507.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2437363D7DF04741DBD72F4ED923651CE808A2B9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\18F905E22371FB5EB37D7F6E753F2A9F2E6D32B4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EEF140651B3E08D425FB775576AC4400E1471449.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4B9958B3BC65D63EE69B89161205AFB1037A17C5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9244FC8B00D2589B60B06C9ACA7419C4AAA24D19.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1AB0824E4EFA6788DD10676C59685C991564D825.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8E548A43A36D75C8B620A0E161D8D43924C71292.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\59EB2C21D109C46D2FA1BB365F0CB842DDBD7800.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1EBAF3F576FC82881B3AFD83D963CA3699CDC59D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3B25BBA46E32245A6C7A2BCD1723005D4A20350E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AF31767D15991D235A1BF26AED61D41C57AFCB2E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\90AD6038924B3D879B4EABEE26E0ACD49E98DD65.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7F652D13AD8F19C0D35B325FC991D1D48E3FBE6C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\09EFCD6B296259D035C17C5D9ECBE0E39A560ECA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BF5C1B9DA469B7B308F909BA2CFE20EB8CDBD4B4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\721B48A05A351312C220D55BCF0B17CF174B6677.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\FXRN3DFH\AAInAQAAAAAAAIAAwAAAAAAWembDiMBAAAAAQAAAGJkY2M4NjE0LTg3M2MtMTFkZS1iYjk3LTAwMzA0ODYzMjgxMgAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250080581
Hidden: file C:\WINDOWS\system32\srvikmov\9F0B816356E258868DD8BF48474B4CCB0001543E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\896D2C0C69516E9897B4AFFA2450E1D6C2440D1E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\34231B5F03ED0F1FAAFB800F63CBCC938CED9174.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B7EBFE97A440FEDD904A94FF0A804CBD6A0B17ED.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\094FAA3E5E5D27273CC38C9F91BACF38E00DB058.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\711A2884C49303D7CCA203E029F581FCFBFC17F9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\82EA71A34D92482B64F48AB153038289285BA2C1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4F0CCFFA36B3CA978A5DF7660CF2C2784E0C9938.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5E75182F5E26DDB8F9204A63FF784516472BAA01.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C13242FDC4E4A0D7478AC057625C73980F8E45BC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4284A1B9154D63E72E03E3C7235DF4F78E3A8CCD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\55FA6807A29563A6A00FA04FD9C52DF86C870A86.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8B272FEBAD276E8190C9722AECB9C6BA0D40F737.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\16AF18F132460B281E091E7CDD3C0E3A2A40FC99.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4E2B2EDA0F43939F47B0726FF89E0F0D69A27E16.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6B8C32BB2F6EBEEB2E5DF3D2237AE70B624690F9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C1F856B7E941C802E6B8DF480128ED3A1213690B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3E20EF2A57FFE901B62AD0DE4C29EB182EFF2CAD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D7E8E23C3BDE45146E77C1340A0C2FF043728E98.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\762995CEC02324F54D538985FF44DF3D81A55A72.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B083695718B7558D21EBA840ED01A209940C2C36.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6CBED42E838FF9D5E59E6D2F4B69450AA456917B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\15F69695C2664202415992C49F0F874B82801D94.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F0607868AA15713B5191B372D791483624A95BB5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5BC8B7B0F36931319E0E845F3369A0848992E7EF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6CBE55B7B48442CB3C3994A8C3DF24C060E1CA3A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5365A5960FFFB522A805010F72232AEBB901E94D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5CC03669E4835B247689DFB46446B998EA92D76A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B6BCD53E81460DB651E96A404B697D73097BB262.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\693765EB4B6679DE39111F245B1F87740FF10619.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\XJO23B53\AAAAAAIAAwAAAAAA2uaeDiMBAAAAAQAAADMyOWIwNDJhLTg3M2QtMTFkZS05ZTdlLTAwMWIyNDc4NGE3MAAAAAAAAAA=3dhFAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250080777
Hidden: file C:\WINDOWS\system32\srvikmov\AF209EF736BB2FA29A7AC75544EF32EA8424E29C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7F0F533AB453F8B5291EFC920640EF54802C07C9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\ADE5A84C0D52194A3FA760BB76D83C84335515CC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0329F1DFCD835F05300979E803CBD5DBBBAD7B1D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D235ECE13E169BCC1C5F333B21B699370923B6CC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7C7BDE493101EFFFC21E49D412618E98F407C94C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\82DD495FF57424A4C635C9A44E148B89B46EBEC7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2302E34CC60E98C28D865F9A9CD6DB4B7DC20550.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\489AD2378423061B5AB40BCB24FB5CDBF41637C7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\51D199C8D49FFB408276D1F73F89784DAB411DF8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0F518069FAB4B5FCA5306380D20F3E9326C0637D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F9B5D3F4625FE1EE30434A663120172630E149FE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E34CAC98654C4454DFA0EC34164E99486B9D54BC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DAFF33CEB13D69F4BC7CC47D4EC6D480E539AFCC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EA06F1B804D30DC99EC3181B17E9757AA5C3448B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A288E21E3E63F8965EA27CEF3488256007B80C94.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C89D9D04043433D41F022E1DD50A184242A52CFC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6605942725A7794ADE0A1DD77D763CFD09C949A1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9441185AC9C10B69704C44DE50AD6394143FF678.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A0781D451CB13C2731A24D9B1AE4AEA3EC83E6DD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C2DDB721D0CB480437A9D5BA0ED89F0F0FDDC3EC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F6D6EE506246C7555B477C2E0D1A20500B95D807.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\56A1B0DF8BED1DB45815DE698EF528C9A33A7E42.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\305EEF43FAEC6166D2DEB78EB709EFCCABC68113.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B4EE90D21F3AA2D9027D52EC2FD97C02D39E696D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B8F39656465BBF9D29393CFFDEE7A7958690AC83.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\95B8861AD8B5440E4EDD99164ED649F1E85ED55F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\655526F4B3EB0F7C8655972CCAE3F343523A613D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A8C4024D60113BD1CBC09822D962B0D9FEAD744F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B2E8948E65D67A76B4670F38F8BF089EBA4C05DE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\44AF643144556940F2D45A0304D371CEF0B02FD6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E2676446716F9AE20464EA92BD87BBA5B96955C7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CC82A4522DB5B6B12963A8FDC22F7DAC8299EDC9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4E94839F67B33E227347AA81195CF3813A4E62D2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8CDBE6A96CEFAF739AD5BD06D4E5562319D8930F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1F1F40ECF14A850FE9A88AFB117DA8B0B58ADD8C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\479304CA88C0563583F64816077A1AFA181EB426.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\179486063B855E81E25A064281CE0F5D7860EBB3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0B85F1B6124D31CBB2A436DE26BE1C568E7313D0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A88F5EA32B732DCBEF08B38985B32D57C04CAE3D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7372658C480E33EFCDDF8B764CA55D9CDFD9B6CE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4138499F723FC8E34303C599BCBF1483A6815EBB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D09AB7AD075B6DF696B0402AB1D1FD3AD6C0C2A4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8914F125E4E009E4AE50C18487686C97A9C91E6B.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\RL19GU87\AAKnAQAAAAAAAIAAwAAAAAAp8agDiMBAAAAAQAAADdiZDE0MjRlLTg3M2QtMTFkZS1iOWY2LTAwMWIyNDkzNjI1ZQAAAAAAAAA=.Q5KAA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250080900
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\PHMXV8BB\AAAAAAIAAwAAAAAALHCgDiMBAAAAAQAAADZlOWYxOTQ4LTg3M2QtMTFkZS05MzQwLTAwMjM3ZDA2MDQ4MwAAAAAAAAA=9RtPAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250080878
Hidden: file C:\WINDOWS\system32\srvikmov\DC316A12F1B358374907BE344150FA61AD60BF16.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3BBA5E348E3A1DFAF7347EF93E3262077C703F01.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FD2E119ED67500D440A2D66A029FF1DB64B06DDF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\60440DFC8C77D68C2CE198821254ED83DD08D5D7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F4C3F5442912C36918639E41130C51E5AE41B10D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D923803733E4D7AF6931A37FA3416EC8F6746037.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F72A4B43BE1C766C8EDA878029B9CF0A816733FB.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\PHMXV8BB\AAAAAAAQDgUAAAAAAAIAAwAAAAAAop6jDiMBAAAAAAAAAGVhZTVmNjY2LTg3M2QtMTFkZS1iOTJmLTAwMjM3ZDA2MzMyMwBhUwAAAAA=,,http%3A%2F%2Fbollywoodondemand[1].com%2F,;ord=1250081087
Hidden: file C:\WINDOWS\system32\srvikmov\C6DE2E4FC973A0A105828AAEE5BBB7C46C9A7013.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\91703FA461E13CD7FA6D4DFA3F275F790D149D67.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0B7A76C37232A79CC43540E6E09C7766564AC7F0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6A1A420FA3451ABF30F384639890B7626FF30560.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\764AD903DC1AE919CB3EEDCD4B02345F76F55A6B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\84FCC923B9F374A249B647A746255D5696D0CE4C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A184A9794FB9BB28046E98DDF812D3C0566A4B0A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\98C103F2A5EE53C50918EC9BFE38005B547038A0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AF05093D1394572551A526488F2F4D156E26871B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0996EFDDE8BE0534AA47786642234D6B07B32B7A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A46CCA63870EDA6664E212C2F1A2F2C190A9004C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A93C52E3BD0C67FB6E4D08A1E1A3814F55440D3E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5E5AEF292B887D0AC497E5C152D3B323469E0177.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\48D297247322C8F3608356702C85F9ED76F5D340.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\62A8E2131ECE76443B8EA335E18C36BD7041B4A3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FA3CD18F1FF1874BAC94A56B5BD61378FDF71861.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A89CE61675318A151E92579D86AE122B8C304E74.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E44721C3C6A0767D967DF72F1F7AD47CB3458960.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4BAAA215C37C6682DF70E931173071A4838DD020.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8B5D87938F94BBEB4976C6D2097686DBF6552F63.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F7A122D12CC1EE6FDC79A7BCC99F0D7B21C2F160.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\611173455464BCB14ED2CDFBB2EA7EEC24DAACA1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BBB46795AB106C0DC549A418153F8E6848B56426.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4F4F92C3797E37499FC40DAA9558049AD8E5C629.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\27633BD995ED554EC5529CE49C690168AE952BE3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6F5848DCEFD37955416CE1964A15E24B12BDF7B5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\31F1E34532A24C4A021286D18F25F013BA843B5A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\868B8EB9F724411712B1C58BD61817AFC0711C35.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\07AD48626DBF7417FDB53849A9F64878D26412DD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\502DBEEA22AD57C5A7A26491F2AD08EC59CC07B0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2D2990CF031D06277F2F974EF3F802039036DB75.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E56D28C6BFEE34084AC66784A555A1352D736A14.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5507B6221B77C94046D58C7DE2E8BFB2AD73FFB6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DB8BB78CD7E2E5449A5E6B49DD78F3356649CC71.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0FED1396227A98911CD23EB1130B215E00852AA6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\70492621935DBE353AA9DD1F8842290A7FF7DAEC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CFFFDB15DE32655938BE032D712D79785E7E6B6E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\48751D069300B7A5FB44499565E534B503BACBE4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7099072296780433EE5C20333E826EBE369BD864.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\7FAD594362DDE858A00E2DF802C62F14E6251AB0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EB5CF74BA2EA536107C6A839E8D0CD80082D64A2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\67B7CC599B02F71F41D0D92AAF0FD3F71B5E9203.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\50FCB1FAE3BC8504F11F990D48A769A6F721589F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\46641DA97B29BB62AEC6B5FC7A34216A7D6F9EDF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\44FAF731C03F7832AE6F58CC277BE76663206C47.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3959888ACC4201A973E77D8F715DCD78625C40CA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8A31CAA5F20699307DE265226BA4E374AB44A764.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E572328D458A1170EDA895E208BCAE4449B4C4A1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6B0ADCE2E16C0DB4FA1078034270D8C64176C0BD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E7D684E051FEAC51E858BDFC29B1F4EEAB383A74.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A1297B0861BB4D9E7F27C5F0783125D0B0F442D5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4BE8C0D7A765841C7DCC5594D206FC6B46C157E0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\01DEB2C18C941DC195C7B1F6ADB769BA1D82D5ED.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3D3EE5C3890A711A317452F4C8B732257362C1D1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\00CA1DD05F34DA25CA4C399B6C3FD45E72CD5141.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\I813L01N\AAAAAAACb-AQAAAAAAAIAAwAAAAAAYsGlDiMBAAAAAAAAADNlNTM2MzEwLTg3M2UtMTFkZS04MDA0LTAwMWIyNDc4Mzk5NgAAAAAAAAA=,,http%3A%2F%2Fad.media-servers[1].net%2F,;ord=1250081227
Hidden: file C:\WINDOWS\system32\srvikmov\BDDBF633E76EA7AEFB34668CE279DA818445CDC1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D273B1E1D651698325BB273555418CFDF6B922CD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A40ABAC6AA365DA91BF1F16EBCE85F5875F40170.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9283FBD7AF27664EDC602A5D029011939D619C04.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\78AF39E188F36FC086C98963EF9214B75737D23A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CA059CA92D0F35F234D1E76DCE5739C05FD43A0F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1588C2857119165F9246062800F76363C83DFD3E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C91E65D7DE590C7F02945A93064B64DCE154CCC9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2747F13F9A1EBD8B127B8AE2631365045A9D3DCD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\90EF9A69649A3D445A0C1D5861AE7BC7E92AE6AE.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\985F10AB16C48FB98A149A50506BDCF9B76AFD95.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FF374CA9C436D53EB8BCE7682C46222C4E5DB1B9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\690491FCF5431CDC6E8EA17B904460FB081472E5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\32E0323B9B7498D84E7F40FD11D8961FFA5EC31A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\85757A3705A9FACFE5D7B482CEB06F2C2575C490.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8A6288526A3B2EA73C879DB3947BE458873B6FCD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D2A49E086DF8E656E4F40DB7EBCF38B2FB503817.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\265E10F13A03EA777CD22BC9AE2A446CBA75AE98.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\24D64C240B423F56F007167E25617276F7008632.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4F4ADB3FAF5D096A9618D60B2DAF6A848D3BD16C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DE25582FC85428384DF151C94D8E5EC523772241.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3F7B3F9626D991849E294132779AE558E1C7EA10.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C6D494D60001927C49C364C5E65580BB0AAAECAF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9E39B6A2DB05FC1E71314F8CA47CC61D812B1AB1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\39AF23BD57336C5BF1A7D4D00F8AB16437C5F72F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\14D23E354CB5308ACA1B67AFAAEDA2F72864F07B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\065273D281660A66BEA8A41F4CD6508E022DE384.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D3D25E39CFECDD20BA2629362FFD6A6C3D10758A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1CF0BD8C47395B00B88304B9BF58244C1A018D34.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2F77166C9B354D2A45D41A34A891355BA034D235.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D577DA21A18051EB922B8DCE8161FB9E33350A17.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\390C74A1DBCAEEF9D4E33182B46EFDECFDD8AD7A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\035A0412882EEAE0606C05BFF75DDE880B36A6B6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C7A7D9BB4B2A4C841D74D735B951F8CCDB0688FA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8C3FEE2F5D8FBDB7069371979CE51B3A49D737F3.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\RL19GU87\AAA6jgMAAAAAAAIAAwAAAAAAqcCmDiMBAAAAAAAAAAAAAJYEaXI7AAAA0FNRnyoAAABgMsNhAAAAAMhTUZ8qAAAAAAAAAAAAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250081292
Hidden: file C:\WINDOWS\system32\matipcat32.dll
Hidden: file C:\WINDOWS\system32\srvikmov\1E913F04791EE194DC67FB90E181AABDD7728C29.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E9DDD2C80E514B6ABD685AE1EFE63F54CF8C3DC8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C3BB8FB760368827077E6DAAB43B35229A7ED943.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E80E174C108F74B9E054D610E59FA5E585787C1E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C9EA1C86F1F7CEBCF4C62EE90FB8D152568040A3.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\RL19GU87\AAA6jgMAAAAAAAIAAwAAAAAA1VKpDiMBAAAAAAAAAAAAAJYEuT06AAAAgFJxnyoAAABgwmJdAAAAAHhScZ8qAAAAAAAAAAAAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250081460
Hidden: file C:\WINDOWS\system32\srvikmov\64403E70AD6C024518F4DD1BB4DD62EC43BA26C4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EF8B6364E1328F9C7AAC64F0924263BE13B12C0F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\22646B9CA53D10B29893B36E5D2156FDDCE00A2C.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\B8PP940Z\nment;adlocation=site_below_header;campaign=;page=category;kw=blinkx;pid=11;sz=728x90,728x91;dclu5=ad5b79bb1dc4ddf;source=site;t=1;tile=1;ord=2907235150159956[1]
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\Q4KRMISG\ment;adlocation=site_below_player;campaign=;page=category;kw=blinkx;pid=11;sz=468x62,300x251;dclu5=ad5b79bb1dc4ddf;source=site;t=1;tile=2;ord=2907235150159956[1]
Hidden: file C:\WINDOWS\system32\srvikmov\81FD394200416087C3B22DBABD590865011CB7BD.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\FXRN3DFH\news;adlocation=site_below_player;campaign=;page=category;kw=blinkx;pid=10;sz=468x62,300x251;dclu5=532fa68b432d38b;source=site;t=1;tile=2;ord=6888621804315938[1]
Hidden: file C:\WINDOWS\system32\srvikmov\BF1B83E35ABC907B0729B5434B2BA5EFF0A3BCA8.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\55TDNSGT\s=0;page=category;playlisteverythree=false;playtimes=0;pid=10;kw=blinkx;fc_utarget_ok=true;t=1;sz=125x30,234x60,300x250,980x610,468x60,728x90;tile=2;~cs=q[1].gif
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\PHMXV8BB\al;adlocation=site_below_header;campaign=;page=searchresults;kw=blinkx;pid=;sz=728x90,728x91;dclu5=532fa68b432d38b;source=site;t=1;tile=1;ord=3919344855376597[1]
Hidden: file C:\WINDOWS\system32\srvikmov\84603F24316604B535EE3A2925D8400EEE5F30A5.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A2DAE4F459FB507DCED15E46A4EA15B65A1867D9.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\XJO23B53\l;adlocation=site_below_player;campaign=;page=searchresults;kw=blinkx;pid=;sz=468x62,300x251;dclu5=532fa68b432d38b;source=site;t=1;tile=2;ord=3919344855376597[1]
Hidden: file C:\WINDOWS\system32\srvikmov\9B9181EF2054F6A744CCED6301370895A20B55D8.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CB5D5734251F10167F100419CF5D7FAC7F40DC2C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C7006F1F61A76F8927415D04FCCD9B76903B9FFB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E76E164BFAD9F2C76AF03349D90D0A4175D5DB88.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2A5DE971C955FA4AC8C3B6AA05757D07DEA3334D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5A8F512A58AFC185644B97DB8A809DDD31F23B8D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\22AB7B306C2D23881F22F1CFA0BCA60F7B8BE613.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E22562C25BA06BE24470B85AD1D1D132E17C092B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5821F4AFA6ACF2E3C24AE00D2C890F73330F1F8C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\EF03C458CA3A2E05C00C5B3E33B3B36D6BDE69B1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\71FCA2CE3AB15C084EC5D09AB1B03AE298D4E63D.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\Q4KRMISG\AABRAwQAAAAAAAIAAwAAAAAAvderDiMBAAAAAAAAAAAzjpYEab88AAAAgPKjnioAAABgssNmAAAAAHjyo54qAAAAAAAAAAAAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250081626
Hidden: file C:\WINDOWS\system32\srvikmov\1AF7D724DD948063FB7D1DA9A43EEFECC8B2F661.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\90F016BCED5953547A1EF655E681E41E1DE2F0AA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\19AF37543DC939075C4B500178BE4ECA4843A0AB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\35CAE9DE2C5D346C2B2AFC8138469A9106457502.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B5F237E6B60E4CF25904ACB9731DACA30D63F192.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CDFE96BD30EA8F8DD8207B189F8584152621E417.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D13E650BED94C544A0CEC435E225AD8A0C98248F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D39CE9EE3A69179E4DFC7F60F2091ABD464937E2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6DB761EA1BF71FC7D7406A9CC1CA5DC9B80C976D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\416A3CABC19D651D5774528440DF664BF1E2EE16.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\98C6FEEBF90A2B1901F7249ED2E250626A5F638A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\283405CBC20256D50DBFA5F6F8B2FF3D3D9B47DB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\809ABA942311F0EB7F1E6EAE3196005EA445EBED.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F5D1E9F69F416B1A4634482C39623EE8D9847017.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1A3437A1089C030B6C97E051BB6F07730D7BFC71.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\79D71747144CAE9D21FE2EDC5C931DC29D0B80C2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\6FCA2ED7A1C5A4D6010CF5ECF5086BA00B2C548D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4C541D59EFA232EDF0D46CD2C20F394B258AF9B3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5B3237416D6D007AFBD769962DB082DBF7273718.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BA5B1F47C8BC49CF10F7E0D80D795E82C53276A4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1DA8FE66B792752BFF14F0A0BE53F45A72B282E7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FCE2585CB04E506372482532B3469E9A03C3595D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\99CABC9607F1A97467094807AA00CFA2EC29BE42.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\2490EB577F0EC830FEF1D7214A3327896E78BD7B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F1DF58FEB2CCB874F3D4EB6704119BE69B0C4354.vmp
Hidden: file C:\WINDOWS\system32\SKYNETmnukdbuw.dat
Hidden: file C:\WINDOWS\system32\srvikmov\54B8A519E5776EB288B7E534FDA8C0A3638F6E64.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A25C6AE1013C1D6CDCDED6AC3F683BB07A98D0BD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E4605CBE47EBE901072823680490A3ED906926BD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\93503DE0562B67C3797BBB70E96109F4557BC655.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\I813L01N\nment;adlocation=site_below_header;campaign=;page=category;kw=blinkx;pid=11;sz=728x90,728x91;dclu5=b281472b4579e14;source=site;t=1;tile=1;ord=3570893233058041[1]
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\RL19GU87\c;adlocation=site_below_header;campaign=;page=searchresults;kw=blinkx;pid=;sz=728x90,728x91;dclu5=532fa68b432d38b;source=site;t=2;tile=1;ord=1465711146300724[1].5
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\55TDNSGT\;adlocation=site_below_player;campaign=;page=searchresults;kw=blinkx;pid=;sz=468x62,300x251;dclu5=532fa68b432d38b;source=site;t=2;tile=2;ord=1465711146300724[1].5
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\ROKWIFYI\music;adlocation=site_above_results;campaign=;page=searchresults;kw=blinkx;pid=;sz=300x250;dclu5=532fa68b432d38b;source=site;t=2;tile=3;ord=1465711146300724[1].5
Hidden: file C:\WINDOWS\system32\srvikmov\0B79AE3879841DCBDD1705EEA5DF9DC09692ADD9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B67AA635866AD40C44DBE8108254BBA1DB60E7A4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\505424D59D80F739C1043086EF40DFACD52DA7E9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\390FE731AE171152EA302DEDED5DC92B38A8F4A0.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\6AUMLVF8\;page=searchresults;playlisteverythree=false;playtimes=0;pid=;kw=blinkx;fc_utarget_ok=true;t=2;sz=125x30,234x60,300x250,980x610,468x60,728x90;tile=2;~cs=h[1].gif
Hidden: file C:\WINDOWS\system32\drivers\SKYNETsbpbvytv.sys
Hidden: file C:\WINDOWS\system32\SKYNETbdufhpof.dll
Hidden: file C:\WINDOWS\system32\srvikmov\DC755707B46CAE7359DF9482EB66EE0ADFFD7BD3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5086F04DB49B1AD8FF251CE1AF0809E5FE34FB46.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A489E778359F552E21F4EC00ACF19584562AA3A2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\34AAA3D4F6298E9B0FDE9E12F72112762B8453D7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\46374D9003671C67AF4E9F26F5F8A9ADD011EC92.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D030D729E6B328388929A193C42D3D60F92DB68A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D9846A78ED2430195547FEB0A19319512B142E94.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\171366BE0FA6702A57B0077A8C88FF59AE3B7A12.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3DC4432A1CAB464A4A19C0B47B9F346B3F6B6F90.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\358701512ABD68ABD10DB3E425A6D711D764F6CA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A6F19D210312545ECD0B2E1214F75E022B09E164.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C006038CC051BB703D7FFA023CC80A1649909E84.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3A07A30449CB2C1F62195052D3CA4AA9B5ABF2B0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8E3845CCA405A4EF48B47662C55F5FAF2AFF07CF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8FDEB97B06695AF9832028169F36D8342C6907E3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5BEC8EA3D5C26369F72AE2DAE18A4AD9A6D9BCB9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C9A11102AAC295D13D6DC87C2D911E3820C92D40.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\41309DE273054EC245D9209501F62B7559A8AB6C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\529A229F1970BC83728AF827CAFB172EF5C40832.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9DDFC916CB19BE1B4BAA368C2625273C08C9575D.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BEA284C62CA0C98AEE1A07237ED67044AD6EE22F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5B4743A584D4A5EFB41CC6DC17481066FBB76A5C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\565EAC0455186955E55E6EDF8BD03F9077167469.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\9F2334AAADC8DCE4C0DA132AF13FC158E4777776.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\533CCA8960B9E64E3825536FA2FE64473101FEDA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8BAC9B03C9BE23EADD7315D701B93C7DE6FA4F75.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\AEB47BD7F4AAC4AD4D83987BB28D4F4552DC3F81.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\440FCA31AF37EAA5D17415C9B7458D46A4F54BF7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4C7AB7A76E61C3758D889F5778EE56AD94F69FE6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0184B45160F16CA353AE7190BD88466B383230C6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DAC17595C0D551E8412CA637D7CDF190A54484C1.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8F5D69AB03510051182E67E1126916F3882A68EA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\20C5C345DBB74C313F0D2988B2B055B4AF91B385.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\75EC79891EE766CEDC211964584D6B16078F68EC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\5FC7B4590A98446AA1F1C367C84B90C1AC28F087.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3FE6A8E45DEB81B373E68A2F0CDA3C1D24E209E4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\12303B3CF20F9618FAB4684288A65D37486ABAB3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\B3E2749807C38F1D43720DEC1A0D132C03B44356.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\DC5C185B93B302508D1C8D49C51AF8BE79E6FF99.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E32868890CDB5E762195D4C66898A55BC8E6B1EC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\ABDC86C5B0965BF946D271EFF66E799B476E90C6.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F4DEE94D40D48881F69BE4B565A9D84D2BDE0F5F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\BD0FCE1F4F0C492C847975D187F2155D3D205F9F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E5FC76FEC1E6C2F2A9C19EDD0E104097C78AF934.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\55TDNSGT\AAA6jgMAAAAAAAIAAwAAAAAAqmGtDiMBAAAAAAAAAAAzjpYEaRk7AAAAwBxjmioAAABg4qFUAAAAALgcY5oqAAAAAAAAAAAAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250081726
Hidden: file C:\WINDOWS\system32\srvikmov\174036C930945F970D1D57E1D0E3E8A8D0352E40.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\44D64F5E977B2C2AA56C0BA96CCBF196A485B30C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F39A4F35EEC01AC186CA718426531044441EB1F0.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F1708626647EB8B1B152516C74B487D2D5EE5A97.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\500F65148617AE64CAEFF8CE7FDC27E78D3DCED3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CB60B15ED3C74400C7DE4E40CC55D2A11D28F2A3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CA93907D3F466AE6FD28017661411DDA9CC815E0.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\0I9Z3424\AABRAwQAAAAAAAIAAwAAAAAAIMevDiMBAAAAAAAAAAAAAJYEacw7AAAAMGGkoyoAAABgQmRsAAAAANAW0NUrAAAAGALQICsAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250081883
Hidden: file C:\WINDOWS\system32\srvikmov\1339758D99099C8B3E5C74856B9D6A53D3B8C6EB.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FF1AC62F1A04C165DC114ECF9D4E4E87C416DB78.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\ROKWIFYI\AAInAQAAAAAAAIAAwAAAAAAfySwDiMBAAAAAQAAAGQ0MTMwOGRjLTg3M2YtMTFkZS05ZmRlLTAwMjM3ZDQzOGVkMQAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250081907
Hidden: file C:\WINDOWS\system32\srvikmov\3F5D958CB1FF77747A1FDDAC314CE9BA6253DA71.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\R2L1FMCN\AAA6jgMAAAAAAAIAAwAAAAAA.lOwDiMBAAAAAAAAAAAAAJYEidM5AAAAkFUxnyoAAABgEoRqAAAAAIhVMZ8qAAAAAAAAAAAAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250081919
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\OGXBHYJV\AAA6jgMAAAAAAAIAAwAAAAAAJYOwDiMBAAAAAAAAAAAAAJYECc8wAAAAsFRBnyoAAABgQmFOAAAAAKhUQZ8qAAAAAAAAAAAAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1250081932
Hidden: file C:\WINDOWS\system32\srvikmov\DF7C0E2FC2C861F51D5D10753EAD43F99A078520.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\8BC6252B11A63923F24F915D8A169E4062A1BD03.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\FXRN3DFH\AAKnAQAAAAAAAIAAwAAAAAAQIOzDiMBAAAAAQAAADU3Yjg1MDJhLTg3NDAtMTFkZS05ZGM4LTAwMWU2ODM3ZWIyNQAAAAAAAAA=.Q5KAA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250082128
Hidden: file C:\WINDOWS\system32\srvikmov\DEE7CCA4439ADD4559FEF8B7B66CD02D8915E302.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\48C8CC6DA4EF3B7272F9F32B2058313CA746ABA7.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\42A5EEBFE4DEC898122A1E29A02AAE2D184446FA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0E556972541CF26933ABC25BFAF5BE9734D4C6DC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\69EF092E7835F7A89F78C69F307CA76ADEF9A6B5.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\OGXBHYJV\ADodQQAAAAAAAIAAwAAAAAAJLG0DiMBAAAAAQAAADg1YzhkYzI4LTg3NDAtMTFkZS05ZTdkLTAwMWIyNDc4NDk4ZQAAAAAAAAA=QWNIAA==,,http%3A%2F%2Fwww-news-today[1].com%2F,;ord=1250082205
Hidden: file C:\WINDOWS\system32\srvikmov\6028560DE6B954C0BB3FC8B15AE48239C04CECDA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\A96360071DF5AD7A5C9C01F37B36B460A9ADBA50.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F984E754EDE8607232A0FE17E6E7F1529176632F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\84787316FB2E8EF94C5C44D06ECD2923814430AC.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\433132F30E75E791E072BDC42D5C978207F21520.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\FB83413ADB3730F47D0049DD01CACAD50DA19440.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\D011BABA35FEB65DEDDE32EED7BCACF02C0820BF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\187CD6448CAA06CA4D1B9836591362C88B6DDADF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\3EBFE0D2BAD81AE0191E9AD5E74C0344B343895B.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\53C0A1FD5689D611156A52FF16EF39ACDCD58589.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E89174874FE663BE54AB4333CC3E83E149B4167C.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\OGXBHYJV\AAIAAwAAAAAAN423DiMBAAAAAAAAAAAAAJYEmaY2AAAAQFRhnyoAAABgAuJVAAAAABjSUZYqAAAAGNJRlioAAAA=,,http%3A%2F%2Fserved.antventure.com%2Fcreatives%2Fvizi%2F72890ad[1].html,
Hidden: file C:\WINDOWS\system32\srvikmov\32EDC36B631A78ABE9E5CD3E3634E17D351FD7D4.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\63CB07E688B7830D8C308FE10A2C788CC078DB77.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\1136250CBEB2405D15800DEEA33EA4DDE00044BF.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\76F23AF203D9B981BA04AE231434571E9742136F.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\E7D9514364CB84135C19223E31E70AEFAB2CBA9E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0BBFBC4807A27CC935DBA1FE05E5CBBA9C21A91E.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\0073A0366B978D6A78A41A3ED735A19A90CCC516.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\7E8XLCCJ\AAIAAwAAAAAAyka4DiMBAAAAAAAAAAAAAJYEOT8xAAAAMIEYrCoAAABgYqNjAAAAABgLwMArAAAAGAJAICsAAAA=,,http%3A%2F%2Fserved.antventure.com%2Fcreatives%2Fvizi%2F72890ad[1].html,
Hidden: file C:\WINDOWS\system32\srvikmov\E11C42C335F1769BF58BD859F596E225402A0563.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\44D86C27FF60F81271E6E9FBA0DFE8C02FACD24A.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\64A29E72AE34B1F61E077D0E6DCB03B4DE8144C3.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\334B6D15505958235ACDCEC9DA605D17022F066C.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\C6345477453E8FA6CA3ADBC60875D9091C2571B2.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\F46D66F78E7461CD02EDC4A5A5C574E420BFF3CD.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\CB1589E8CD0DC567F0EB01B6A286F3EF541B53A9.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\4123E2EBED4889152D90256D81F5380A6F5408BC.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\TA3CF4HV\1;fpa=1195231261-6178003-57212307;fpbn=1;fpb=521667369;ns=0;url=http%3A%2F%2Fwww.optiar.com%2F%3Fq%3Dblah;ref=http%3A%2F%2Fwww.fulldotfind.com%2Fpubac%2Fac[1].gif
Hidden: file C:\WINDOWS\system32\srvikmov\9CAD268DB725E97D524D0C06DBC5D2C63704A115.vmp
Stopped logging on 8/12/2009 at 13:07:57 PM


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 8/12/2009 at 13:23:10 PM
User "C Coyne" on computer "CHRIS"
Windows version 5.1 SP 2.0 Service Pack 2 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\UAC
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETsqdruiro
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SKYNETsqdruiro
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys
Stopped logging on 8/12/2009 at 13:26:17 PM


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 8/12/2009 at 13:30:54 PM
User "C Coyne" on computer "CHRIS"
Windows version 5.1 SP 2.0 Service Pack 2 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\UAC
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETsqdruiro
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SKYNETsqdruiro
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\WINDOWS\system32\srvikmov\7FD1D62F5814E90D3FE587CCAB21A2FF224937BA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\44BF3A729F722C38476B9097A4DB5AF1DF1F55B1.vmp
Hidden: file C:\WINDOWS\system32\SKYNETjuanhgyr.dll
Hidden: file C:\WINDOWS\system32\tblevmid.dll
Hidden: file C:\WINDOWS\system32\UACayleeaopfo.dll
Hidden: file C:\WINDOWS\system32\SKYNEThobtghqb.dat
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\temp\UAC2bad.tmp
Hidden: file C:\WINDOWS\system32\drivers\UACmliiplnxxg.sys
Hidden: file C:\WINDOWS\system32\UACdobugqsdgy.dll
Hidden: file C:\WINDOWS\system32\uacinit.dll
Hidden: file C:\WINDOWS\system32\UACrwclfsjxfm.dat
Hidden: file C:\WINDOWS\system32\UACpevtaldawr.db
Hidden: file C:\WINDOWS\system32\UACiogaudgmbl.dll
Hidden: file C:\WINDOWS\system32\UACjtthedqndq.dll
Hidden: file C:\WINDOWS\Temp\UAC2570.tmp
Hidden: file C:\WINDOWS\system32\3dokcan.dll
Hidden: file C:\WINDOWS\system32\extiww32.dll
Hidden: file C:\WINDOWS\system32\imgorpop.dll
Hidden: file C:\WINDOWS\system32\errevmat.exe
Hidden: file C:\WINDOWS\system32\kerohsec.dll
Hidden: file C:\WINDOWS\system32\matipcat32.dll
Hidden: file C:\WINDOWS\system32\SKYNETmnukdbuw.dat
Hidden: file C:\WINDOWS\system32\drivers\SKYNETsbpbvytv.sys
Hidden: file C:\WINDOWS\system32\SKYNETbdufhpof.dll
Hidden: file C:\WINDOWS\system32\srvikmov\A51E21ED3750E65E7B2457F6018BF4F28899A00F.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\6AUMLVF8\.com%252Fmasscast%252F2%252Fdailymotion.us%252Fhome%252F75495%2540Top%253FDMLANG%253Den%2526DMTYPE%253Dprod%2526DMV3%253D1;ref=http%3A%2F%2Fwww.dailymotion[1].gif
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\OGXBHYJV\.com%252Fmasscast%252F2%252Fdailymotion.us%252Fhome%252F20919%2540Top%253FDMLANG%253Den%2526DMTYPE%253Dprod%2526DMV3%253D1;ref=http%3A%2F%2Fwww.dailymotion[1].gif
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\OGXBHYJV\.com%252Fmasscast%252F2%252Fdailymotion.us%252Fhome%252F67311%2540Top%253FDMLANG%253Den%2526DMTYPE%253Dprod%2526DMV3%253D1;ref=http%3A%2F%2Fwww.dailymotion[1].gif
Hidden: file C:\WINDOWS\system32\srvikmov\inadv32.ocx
Stopped logging on 8/12/2009 at 14:07:11 PM


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 8/12/2009 at 14:14:08 PM
User "C Coyne" on computer "CHRIS"
Windows version 5.1 SP 2.0 Service Pack 2 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\UAC
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETsqdruiro
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SKYNETsqdruiro
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\WINDOWS\system32\srvikmov\7FD1D62F5814E90D3FE587CCAB21A2FF224937BA.vmp
Hidden: file C:\WINDOWS\system32\srvikmov\44BF3A729F722C38476B9097A4DB5AF1DF1F55B1.vmp
Hidden: file C:\WINDOWS\system32\SKYNETjuanhgyr.dll
Hidden: file C:\WINDOWS\system32\tblevmid.dll
Hidden: file C:\WINDOWS\system32\UACayleeaopfo.dll
Hidden: file C:\WINDOWS\system32\SKYNEThobtghqb.dat
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\temp\UAC2bad.tmp
Hidden: file C:\WINDOWS\system32\drivers\UACmliiplnxxg.sys
Hidden: file C:\WINDOWS\system32\UACdobugqsdgy.dll
Hidden: file C:\WINDOWS\system32\uacinit.dll
Hidden: file C:\WINDOWS\system32\UACrwclfsjxfm.dat
Hidden: file C:\WINDOWS\system32\UACpevtaldawr.db
Hidden: file C:\WINDOWS\system32\UACiogaudgmbl.dll
Hidden: file C:\WINDOWS\system32\UACjtthedqndq.dll
Hidden: file C:\WINDOWS\Temp\UAC2570.tmp
Hidden: file C:\WINDOWS\system32\3dokcan.dll
Hidden: file C:\WINDOWS\system32\extiww32.dll
Hidden: file C:\WINDOWS\system32\imgorpop.dll
Hidden: file C:\WINDOWS\system32\errevmat.exe
Hidden: file C:\WINDOWS\system32\kerohsec.dll
Hidden: file C:\WINDOWS\system32\matipcat32.dll
Hidden: file C:\WINDOWS\system32\SKYNETmnukdbuw.dat
Hidden: file C:\WINDOWS\system32\drivers\SKYNETsbpbvytv.sys
Hidden: file C:\WINDOWS\system32\SKYNETbdufhpof.dll
Hidden: file C:\WINDOWS\system32\srvikmov\A51E21ED3750E65E7B2457F6018BF4F28899A00F.vmp
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\6AUMLVF8\.com%252Fmasscast%252F2%252Fdailymotion.us%252Fhome%252F75495%2540Top%253FDMLANG%253Den%2526DMTYPE%253Dprod%2526DMV3%253D1;ref=http%3A%2F%2Fwww.dailymotion[1].gif
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\OGXBHYJV\.com%252Fmasscast%252F2%252Fdailymotion.us%252Fhome%252F20919%2540Top%253FDMLANG%253Den%2526DMTYPE%253Dprod%2526DMV3%253D1;ref=http%3A%2F%2Fwww.dailymotion[1].gif
Hidden: file C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\OGXBHYJV\.com%252Fmasscast%252F2%252Fdailymotion.us%252Fhome%252F67311%2540Top%253FDMLANG%253Den%2526DMTYPE%253Dprod%2526DMV3%253D1;ref=http%3A%2F%2Fwww.dailymotion[1].gif
Hidden: file C:\WINDOWS\system32\srvikmov\inadv32.ocx
Stopped logging on 8/12/2009 at 14:50:06 PM

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:33 PM

Posted 12 August 2009 - 10:43 PM

Ok this may take several tries.
Rerun Sophos and Kill these.

C:\WINDOWS\system32\drivers\SKYNETsbpbvytv.sys
C:\WINDOWS\system32\drivers\UACmliiplnxxg.sys


Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 ComputerNutjob

ComputerNutjob

  • Banned
  • 125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:33 PM

Posted 12 August 2009 - 11:15 PM

It would also be a good idea to give her an account with LIMITED PERMISSIONS. If she actually initiated the download, the computer would ask for the admin password. If the site initiated it, I'm not sure what would happen. Tell her this: If the software publisher cannot be verified, like Microsoft, or Nexon or Apple or Lavasoft or Alwil Software or something, that she SHOULD NOT DOWNLOAD IT. And don't, repeat, DON'T GO TO A SITE THAT ADVERTISES CODE, OR DOWNLOADS FOR ANOTHER DOWNLOAD OR PRODUCT. Unless that code/download is from the same company that made the original product, it is probably either a virus or a graphical surprise.


Surf Safe!


ComputerNutjob

Edited by ComputerNutjob, 12 August 2009 - 11:21 PM.


#6 ccyne

ccyne
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 13 August 2009 - 09:22 AM

Finished all the tasks....

here are the Logs


Malwarebytes' Anti-Malware 1.40
Database version: 2615
Windows 5.1.2600 Service Pack 2

8/13/2009 9:41:28 AM
mbam-log-2009-08-13 (09-41-28).txt

Scan type: Quick Scan
Objects scanned: 102275
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
C:\Documents and Settings\C Coyne\Local Settings\temp\b.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\msc.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\C Coyne\Local Settings\temp\b.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACjtthedqndq.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xa.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\C Coyne\Local Settings\temp\32.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\C Coyne\Local Settings\temp\4A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\C Coyne\Local Settings\temp\c.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\C Coyne\Local Settings\temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\C Coyne\Local Settings\temp\e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\C Coyne\Local Settings\temp\f.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNEThobtghqb.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETmnukdbuw.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msc.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACdobugqsdgy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACiogaudgmbl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACrwclfsjxfm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETbdufhpof.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETjuanhgyr.dll (Trojan.Agent) -> Quarantined and deleted successfully.




Rootrepeal log

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/13 09:56
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA992000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BA2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: qpuoejg.sys
Image Path: qpuoejg.sys
Address: 0xF763E000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8BBE000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\modemlog_hdaudio softv92 data fax modem with smartcp.txt
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\system32\3dokcan.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\extiww32.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\matipcat32.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\errevmat.exe
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\tblevmid.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\kerohsec.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\imgorpop.dll
Status: Locked to the Windows API!

Path: c:\windows\temp\mcmsc_y9gel5lhmd1pide
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: \\?\C:\WINDOWS\system32\srvikmov\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\WINDOWS\system32\srvikmov\44BF3A729F722C38476B9097A4DB5AF1DF1F55B1.vmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\srvikmov\7FD1D62F5814E90D3FE587CCAB21A2FF224937BA.vmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\srvikmov\A51E21ED3750E65E7B2457F6018BF4F28899A00F.vmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\srvikmov\inadv32.ocx
Status: Invisible to the Windows API!

Hidden Services
-------------------
Service Name: SKYNETsqdruiro
Image Path: C:\WINDOWS\system32\drivers\SKYNETsbpbvytv.sys

Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACmliiplnxxg.sys

==EOF==

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:33 PM

Posted 13 August 2009 - 06:51 PM

Hi, got busy today..
i need you to rerun Rootrepeal .. This time select only the FILES box.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 ccyne

ccyne
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 13 August 2009 - 07:30 PM

No problem... I appreciate that you are here to help!

Here is the log

I did get an error box
said something like : rootrepeal error
Could not read our index B???( pretty bad when I can't read my own writing )



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/13 20:08
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\3dokcan.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\extiww32.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\matipcat32.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\errevmat.exe
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\tblevmid.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\kerohsec.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\imgorpop.dll
Status: Locked to the Windows API!

Path: c:\windows\temp\mcafee_glv6kbacaoqs84e
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_ktxyy2x7kpijqk7
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: \\?\C:\WINDOWS\system32\srvikmov\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\WINDOWS\system32\srvikmov\44BF3A729F722C38476B9097A4DB5AF1DF1F55B1.vmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\srvikmov\7FD1D62F5814E90D3FE587CCAB21A2FF224937BA.vmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\srvikmov\A51E21ED3750E65E7B2457F6018BF4F28899A00F.vmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\srvikmov\inadv32.ocx
Status: Invisible to the Windows API!

==EOF==

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:33 PM

Posted 13 August 2009 - 07:41 PM

Hello you're welcome.. This file is perplexing me.. I am waiting for other info on it..
Can you do a search for this file..C:\WINDOWS\system32\srvikmov

If found...
Upload this file for a second opinion on what it actually is..

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 ccyne

ccyne
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 13 August 2009 - 07:49 PM

It's a program I installed from spectorsoft to monitor my computer usage. Had someone doing something they shouldn't and I needed proof. I got what I needed and problem went away. I just never removed the program.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:33 PM

Posted 13 August 2009 - 08:08 PM

Ok then ,that's a relief..ow let's dio these to get rid of anything else.

Next run ATF and SAS:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 ccyne

ccyne
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 14 August 2009 - 07:02 AM

Here is the log. Things seem to be working again as they should.

I am concerned about my AV software/firewall. It is The Mcaffe security center provided by Cox Highspeed. I regularly update the software but this is the second known time it has let an infection through and been hijacked. I use it because it's free ( well, paid for with my highspeed sevice). Is there anything I should do to provide better protection? Do you recommend uninstalling and reinstalling it, getting rid of it and trying something else?
I typically only run the security center. I don't keep MAMB or SAS active, should I?



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/14/2009 at 02:36 AM

Application Version : 4.27.1002

Core Rules Database Version : 4056
Trace Rules Database Version: 1996

Scan type : Complete Scan
Total Scan Time : 04:57:13

Memory items scanned : 249
Memory threats detected : 0
Registry items scanned : 7438
Registry threats detected : 0
File items scanned : 119497
File threats detected : 1

Adware.Vundo/Variant
C:\WINDOWS\SYSTEM32\3DOKCAN.DLL

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:33 PM

Posted 14 August 2009 - 08:47 PM

Hello, please do this next.Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.



Also , please take a moment to read quietman7's excellent prevention tips in post 17 here
Click>>Tips to protect yourself against malware and reduce the potential for re-infection:
If you still have some questions please ask.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 ccyne

ccyne
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 15 August 2009 - 10:07 AM

Thanks!!

Couple quick questions, Java I usually get one or two alerts eminating from the toolbar wanting me to upgrade. What is the best way to make sure I'm updating it properly. I've heard of nasties getting in through them. Also IE explorer keeps encountering an error and closing (prior to and still after this last infection). It has been an inconvinence at most but obviously somethings not right. My updates have always been set to automatic for windows and IE. Should I be doing these manually to make sure it's right?

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:33 PM

Posted 15 August 2009 - 10:19 AM

OK let's do this first.. Are your windows updates complete

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users