
services.exe Malware??????


  • This topic is locked
18 replies to this topic

#1 Raker

Raker

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 10 September 2011 - 06:26 PM

I have a Dell Latitude D830 running WinXP Pro Service Pack 3, Symantec Endpoint Protection and Windows Firewall that I believe is infected with services.exe. I found two instances of this running via Task Manager. One appears to be legit Windows and the other appears to be malware based on some articles I read. I can open Task Manager with Control-Alt-Delete but it takes maybe an hour to actually open. I can open Task Manager via Run then "taskmgr" and then it opens right away. When I started the PC and logged in, Symantec would show an Endpoint Protection alert with something called tlgwpg.exe in the file name (sorry, I do not know exactly what it said). It said it was C:\Documents and Settings\mkershaw\Application Data\tlgwpg.exe. When I browse to that location I see nothing called tlgwpg.exe; instead I see services.exe with a blue icon with a yellow X through it. I cannot use any PDF reader applications (Adobe, Foxit...). My screen shot. This started about 3 days ago and has progressively gotten more symptomatic. Please, any assistance would be greatly appreciated.
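The two-instance symptom described in the post above can be checked by comparing each process's image path with the directory Windows normally runs it from. This is an added example, not part of the original thread; the process listing, its column names and the PIDs are constructed, and a default C:\WINDOWS install is assumed.

```python
import csv
import io
import ntpath

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: default Windows XP install location
SYSTEM32 = SYSTEM_ROOT + r"\system32"

# Core Windows processes and the only directory each should be running from.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "explorer.exe": SYSTEM_ROOT,
}

# Processes that normally exist once per system; a second copy needs a look.
SINGLETONS = {"smss.exe", "services.exe", "lsass.exe"}

# Constructed process listing (Name, ProcessId, ExecutablePath). The second
# services.exe mirrors the Application Data location reported in the post.
SAMPLE_LISTING = r"""Name,ProcessId,ExecutablePath
smss.exe,560,C:\WINDOWS\System32\smss.exe
csrss.exe,628,\??\C:\WINDOWS\system32\csrss.exe
winlogon.exe,652,\??\C:\WINDOWS\system32\winlogon.exe
services.exe,712,C:\WINDOWS\system32\services.exe
lsass.exe,724,
svchost.exe,1020,C:\WINDOWS\system32\svchost.exe
explorer.exe,1888,C:\WINDOWS\Explorer.EXE
services.exe,2444,C:\Documents and Settings\mkershaw\Application Data\services.exe
notepad.exe,3120,C:\WINDOWS\system32\notepad.exe
"""


def image_dir(path):
    """Return the directory of an image path in a comparable form."""
    # Some tools report paths with the NT object-namespace prefix \??\.
    if path.startswith("\\??\\"):
        path = path[4:]
    # ntpath works on any OS; normcase lowercases and unifies separators.
    return ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))


def audit(listing_csv):
    """Return (name, pid, reason) findings for core system process names."""
    findings = []
    instances = {}
    for row in csv.DictReader(io.StringIO(listing_csv)):
        name = row["Name"].strip().lower()
        if name not in EXPECTED_DIR:
            continue  # only names that malware commonly borrows are checked
        pid = int(row["ProcessId"])
        path = (row["ExecutablePath"] or "").strip()
        instances[name] = instances.get(name, 0) + 1
        if not path:
            # The path can be unreadable without admin rights: unverified,
            # which is not the same as clean.
            findings.append((name, pid, "path-unavailable"))
        elif image_dir(path) != ntpath.normcase(EXPECTED_DIR[name]):
            findings.append((name, pid, "wrong-directory"))
    for name in sorted(SINGLETONS):
        if instances.get(name, 0) > 1:
            findings.append((name, None, "duplicate-singleton"))
    return findings


if __name__ == "__main__":
    for name, pid, reason in audit(SAMPLE_LISTING):
        print(name, pid, reason)
```

A "wrong-directory" hit on a core process name is the strongest of the three signals; "path-unavailable" only means the listing was taken without enough rights to confirm the location.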



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:23 AM

Posted 10 September 2011 - 08:04 PM

Hello and welcome.

Please run these, post logs and let's see if we find something.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware


Next run ATF and SAS:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#3 Raker

Raker
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 10 September 2011 - 09:54 PM

Can't download ATF Cleaner. It says "This ID does not exist".

#4 Raker

Raker
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 11 September 2011 - 10:26 AM

I was able to download ATF Cleaner from another site and run it per your instructions. Computer startup is pretty slow and shutdown is really slow. Still cannot open Task Manager via Control-Alt-Delete. When I press Control-Alt-Delete I get the prompt to open Task Manager, but when I click the button it does not open. I have to start it from the Run command. I still cannot install Foxit Reader or Adobe. It always hangs in the middle of setup.
Here are the log files for MBAM, Super AntiSpyware, and also the tamper log from Symantec.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7692

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/10/2011 9:30:45 PM
mbam-log-2011-09-10 (21-30-45).txt

Scan type: Quick scan
Objects scanned: 192767
Time elapsed: 12 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\mkershaw\local settings\Temp\install-0.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\mkershaw\local settings\temporary internet files\Content.IE5\SDCFFC89\p1[1].dat (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\mkershaw\application data\services.exe (Worm.Brontok) -> Quarantined and deleted successfully.





SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/11/2011 at 01:57 AM

Application Version : 5.0.1118

Core Rules Database Version : 7673
Trace Rules Database Version: 5485

Scan type : Complete Scan
Total Scan Time : 01:54:44

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 318
Memory threats detected : 0
Registry items scanned : 37377
Registry threats detected : 1
File items scanned : 53041
File threats detected : 132

Adware.Tracking Cookie

System.BrokenFileAssociation
HKCR\.exe



Computer User Action Taken Object Type Event Actor Target Target Process Date and Time
MKERSHAWLPT4 mkershaw Logged Memory Allocation F:\RECYCLER\894133bf.exe (PID 3028) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) 9/7/2011 13:02
MKERSHAWLPT4 mkershaw Logged Memory Write F:\RECYCLER\894133bf.exe (PID 3028) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) 9/7/2011 13:02
MKERSHAWLPT4 mkershaw Logged Thread Create F:\RECYCLER\894133bf.exe (PID 3028) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) 9/7/2011 13:02
MKERSHAWLPT4 mkershaw Logged Thread Resume F:\RECYCLER\894133bf.exe (PID 3028) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) 9/7/2011 13:02
MKERSHAWLPT4 mkershaw Logged Memory Allocation F:\RECYCLER\894133bf.exe (PID 3028) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) 9/7/2011 13:02
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3084) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1748) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1748) 9/8/2011 8:27
MKERSHAWLPT4 mkershaw Logged Memory Write F:\RECYCLER\894133bf.exe (PID 3028) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) 9/7/2011 13:02
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3084) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1748) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1748) 9/8/2011 8:27
MKERSHAWLPT4 mkershaw Logged Thread Resume F:\RECYCLER\894133bf.exe (PID 3028) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) 9/7/2011 13:02
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1748) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1748) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1748) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1748) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 176) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 340) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 176) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 176) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 176) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3640) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3640) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3640) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3640) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3640) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3640) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3640) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3640) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3836) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3836) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3836) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3836) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3836) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3836) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 284) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3836) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3836) 9/9/2011 11:41
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1744) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1744) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1744) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1744) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1744) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1744) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1744) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1744) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 392) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 392) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 392) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 392) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 392) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 392) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 392) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 392) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 884) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 884) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 884) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 884) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 884) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 884) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 884) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 884) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3232) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3232) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3232) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3232) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3232) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3232) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3232) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3232) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3760) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3760) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3760) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3760) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3760) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3760) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2440) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3760) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3760) 9/9/2011 18:30
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1800) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1800) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1712) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1712) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1800) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1800) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1712) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1712) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1800) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1800) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1712) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1712) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1712) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1712) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1800) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1800) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 352) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 236) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 236) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 948) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 948) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 236) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 236) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 948) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 948) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 236) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 236) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 948) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 948) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 236) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 236) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2900) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2900) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2804) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2804) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 948) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 948) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2804) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2804) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2900) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2900) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2804) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2804) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2900) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2900) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2804) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2804) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 2160) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 2160) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3276) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3276) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 2160) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 2160) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3276) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3276) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 2160) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 2160) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3276) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3276) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 2160) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 2160) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 3468) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3276) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3276) 9/10/2011 9:38
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 984) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2900) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 2900) 9/9/2011 21:01
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2092) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) 9/10/2011 10:50
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2540) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1792) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1792) 9/9/2011 21:18
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2092) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) 9/10/2011 10:50
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2092) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) 9/10/2011 10:50
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2540) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1792) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1792) 9/9/2011 21:18
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2092) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1724) 9/10/2011 10:50
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2540) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1792) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1792) 9/9/2011 21:18
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2092) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 396) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 396) 9/10/2011 10:50
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2540) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1792) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1792) 9/9/2011 21:18
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2092) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 396) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 396) 9/10/2011 10:50
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2540) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 344) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 344) 9/9/2011 21:18
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2092) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 396) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 396) 9/10/2011 10:50
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2540) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 344) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 344) 9/9/2011 21:18
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2092) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 396) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 396) 9/10/2011 10:50
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2540) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 344) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 344) 9/9/2011 21:18
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2092) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 892) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 892) 9/10/2011 10:50
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2540) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 344) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (PID 344) 9/9/2011 21:18
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2540) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 856) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 856) 9/9/2011 21:18
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2540) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 856) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 856) 9/9/2011 21:18
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2092) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 892) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 892) 9/10/2011 10:50
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2540) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 856) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 856) 9/9/2011 21:18
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 2092) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 892) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 892) 9/10/2011 10:50
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 692) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 692) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 692) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (PID 692) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3816) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3816) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3816) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3816) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3816) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3816) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3816) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (PID 3816) 9/10/2011 23:40
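
The log rows above show Tlgwgp.exe, running from the user's Application Data folder, performing Memory Allocation, Memory Write and Thread Create against Symantec processes. As an added example (not part of the original post and not Symantec's own tooling), the Python below groups such rows by caller and target and flags every pair where all three events appear. The column layout and the user-profile path heuristic are assumptions inferred from the rows, and the last sample row is constructed.

```python
import re

# The first eight rows are copied from the Symantec log in the post above.
# The last row is constructed here as a benign contrast case (hypothetical
# paths and PIDs).
SAMPLE_LOG = r"""
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1812) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1812) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1812) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1812) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1812) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1812) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1812) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (PID 1812) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Memory Allocation C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Memory Write C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Thread Resume C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe (PID 176) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (PID 3228) 9/10/2011 23:40
MKERSHAWLPT4 mkershaw Logged Thread Create C:\Program Files\Example\Updater.exe (PID 2000) C:\Program Files\Example\Helper.exe (PID 2100) C:\Program Files\Example\Helper.exe (PID 2100) 9/10/2011 23:41
"""

# Assumed column layout (inferred from the rows, not from vendor documentation):
# host, user, action, event type, calling process (PID), target process (PID),
# target repeated, timestamp.
ROW_RE = re.compile(
    r"^(?P<host>\S+) (?P<user>\S+) Logged "
    r"(?P<event>Memory Allocation|Memory Write|Thread Create|Thread Resume) "
    r"(?P<caller>[A-Za-z]:\\.+?\.exe) \(PID (?P<caller_pid>\d+)\) "
    r"(?P<target>[A-Za-z]:\\.+?\.exe) \(PID (?P<target_pid>\d+)\)"
)

# Allocating memory in another process, writing to it and starting a thread
# there is the classic remote code-injection pattern.
INJECTION_EVENTS = {"Memory Allocation", "Memory Write", "Thread Create"}

# Heuristic (assumption): an executable under a user profile's data folder
# sits in a user-writable location, unusual for legitimate system software.
USER_PROFILE_RE = re.compile(
    r"\\(Documents and Settings|Users)\\[^\\]+\\"
    r"(Application Data|AppData|Local Settings)\\",
    re.IGNORECASE,
)


def parse_rows(text):
    """Return one dict per log row that matches the assumed layout."""
    rows = []
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if not match:
            continue
        row = match.groupdict()
        row["caller_pid"] = int(row["caller_pid"])
        row["target_pid"] = int(row["target_pid"])
        rows.append(row)
    return rows


def find_injections(rows):
    """Flag caller/target pairs that show the full injection event set.

    Timestamps only have minute resolution and the rows are not always in
    allocate-write-create order, so set membership is used, not sequence.
    """
    events_by_pair = {}
    for row in rows:
        key = (row["caller"], row["caller_pid"], row["target"], row["target_pid"])
        events_by_pair.setdefault(key, set()).add(row["event"])

    findings = []
    for (caller, caller_pid, target, target_pid), events in events_by_pair.items():
        if caller.lower() == target.lower() and caller_pid == target_pid:
            continue  # a process acting on itself is not cross-process injection
        if INJECTION_EVENTS <= events:
            findings.append({
                "caller": caller,
                "caller_pid": caller_pid,
                "target": target,
                "target_pid": target_pid,
                "events": sorted(events),
                "caller_from_user_profile": bool(USER_PROFILE_RE.search(caller)),
            })
    return findings


if __name__ == "__main__":
    for finding in find_injections(parse_rows(SAMPLE_LOG)):
        flag = " [caller in user profile]" if finding["caller_from_user_profile"] else ""
        print(f'{finding["caller"]} (PID {finding["caller_pid"]}) -> '
              f'{finding["target"]} (PID {finding["target_pid"]}){flag}')
```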

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 11 September 2011 - 04:22 PM

That Tlgwgp.exe file definitely appears to be malware. Why it's not being removed by Symantec I do not know.
First I must say this..

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.



If cleaning is still an option....
Let's check for rootkits as it may be why.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


>>>
Please download the Brontok Disinfection Tool and follow the instructions posted by Sophos.

When done, please download the Brontok Worm Removal Tool by sUBs and save it to your Desktop.
Disconnect the computer from the Internet and close all other programs.
Double-click CleanX-II.exe and follow the prompts.
The tool will begin scanning your machine. Because this worm names its files randomly, there are a series of cross-checks/verification processes to ensure that the tool does not remove legitimate files. Depending on the size of your drives, this scan may take several minutes. Please be patient during this period & allow it to complete its task.
Once the scan is complete it will provide a text log of the results. If the log shows any files remaining in the bottom portion under "POST RUN ANALYSIS", run the entire scan a second time.


>>>

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

#6 Raker

Raker
  • Topic Starter

  • Members

Posted 13 September 2011 - 06:07 AM

It took me an hour to realize that the links you provided were good. This malware is blocking access to those security sites. I was able to download the latest Symantec definitions and the programs you had listed from another computer.

Here are the logs (I included the Symantec scan because it found another virus).

2011/09/11 18:53:01.0046 3932 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/09/11 18:53:01.0078 3932 ================================================================================
2011/09/11 18:53:01.0078 3932 SystemInfo:
2011/09/11 18:53:01.0078 3932
2011/09/11 18:53:01.0078 3932 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/11 18:53:01.0078 3932 Product type: Workstation
2011/09/11 18:53:01.0078 3932 ComputerName: MKERSHAWLPT4
2011/09/11 18:53:01.0078 3932 UserName: mkershaw
2011/09/11 18:53:01.0078 3932 Windows directory: C:\WINDOWS
2011/09/11 18:53:01.0078 3932 System windows directory: C:\WINDOWS
2011/09/11 18:53:01.0078 3932 Processor architecture: Intel x86
2011/09/11 18:53:01.0078 3932 Number of processors: 2
2011/09/11 18:53:01.0078 3932 Page size: 0x1000
2011/09/11 18:53:01.0078 3932 Boot type: Normal boot
2011/09/11 18:53:01.0078 3932 ================================================================================
2011/09/11 18:53:01.0796 3932 Initialize success
2011/09/11 18:53:51.0515 0896 ================================================================================
2011/09/11 18:53:51.0515 0896 Scan started
2011/09/11 18:53:51.0515 0896 Mode: Manual;
2011/09/11 18:53:51.0515 0896 ================================================================================
2011/09/11 18:55:44.0609 0896 ================================================================================
2011/09/11 18:55:44.0609 0896 Scan finished
2011/09/11 18:55:44.0609 0896 ================================================================================


RESOLVE Version 1.07
Copyright © 2004, Sophos Plc, www.sophos.com

System disinfection for W32/Brontok

Data Version 1.03

System scan started at 20:33 on 11 September 2011

Checking for W32/Brontok in memory

Checking for registry keys affected by W32/Brontok

Reset registry value HKCU\software\microsoft\windows\currentversion\explorer\advanced\ShowSuperHidden

Checking for files affected by W32/Brontok

Scanning C:



Scanning C:\WINDOWS



Checking for registry keys affected by W32/Brontok


System scan finished at 06:23 on 12 September 2011

Processes found : 0
Processes terminated or disinfected : 0
Registry keys affected : 1
Registry keys changed : 1
Files found : 0
Files deleted : 0



#######################################################################

Brontok Worm Removal Tool - (Version - 06.09.17B)
by sUBs

#######################################################################

Current date: Mon 09/12/2011 Current time: 19:05:32.95

=== PRE RUN ANALYSIS ===================================


=== POST RUN ANALYSIS ==================================



NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
19:07:01.73

======================================================





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-12 20:39:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9500420ASG rev.0002SDM1
Running: 32mzuy1p.exe; Driver: C:\DOCUME~1\mkershaw\LOCALS~1\Temp\kwroqkow.sys


---- System - GMER 1.0.15 ----

SSDT 89CF6E80 ZwAlertResumeThread
SSDT 89A829E0 ZwAlertThread
SSDT 895CDBD8 ZwAllocateVirtualMemory
SSDT 89A75220 ZwConnectPort
SSDT 89726A58 ZwCreateMutant
SSDT 8976ED98 ZwCreateThread
SSDT 897409D8 ZwFreeVirtualMemory
SSDT 89BA63C8 ZwImpersonateAnonymousToken
SSDT 89BD77B0 ZwImpersonateThread
SSDT 89740938 ZwMapViewOfSection
SSDT 89DD2C08 ZwOpenEvent
SSDT 899BF330 ZwOpenProcessToken
SSDT 895CE378 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBA24D8B0]
SSDT 8977BA28 ZwResumeThread
SSDT 897716E0 ZwSetContextThread
SSDT 895C5910 ZwSetInformationProcess
SSDT 896EC618 ZwSetInformationThread
SSDT 899B6340 ZwSuspendProcess
SSDT 89C614A0 ZwSuspendThread
SSDT 89837050 ZwTerminateProcess
SSDT 89D48608 ZwTerminateThread
SSDT 89791E50 ZwUnmapViewOfSection
SSDT 895CDB48 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F74 80504810 2 Bytes [10, 59]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F77 80504813 5 Bytes [89, 18, C6, 6E, 89]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[108] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BF6390
.text C:\WINDOWS\system32\svchost.exe[108] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BF6640
.text C:\WINDOWS\system32\svchost.exe[108] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BF53D0
.text C:\WINDOWS\system32\svchost.exe[108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BF5300
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF11C0
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF1290
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00BF2570
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00BF1000
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00BF10A0
.text C:\WINDOWS\system32\svchost.exe[108] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00BF2510
.text C:\WINDOWS\system32\svchost.exe[108] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00BF1D10
.text C:\WINDOWS\system32\svchost.exe[108] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BF7250
.text C:\WINDOWS\system32\svchost.exe[108] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00BF20A0
.text C:\WINDOWS\system32\svchost.exe[108] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 00BF23A0
.text C:\WINDOWS\system32\svchost.exe[108] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00BF2160
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A36390
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A36640
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A353D0
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A35300
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A311C0
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A31290
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A32570
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A31000
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A310A0
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A32510
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A31D10
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A37250
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00A320A0
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 00A323A0
.text C:\Program Files\DellTPad\ApMsgFwd.exe[128] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00A32160
.text C:\WINDOWS\system32\cisvc.exe[164] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01166390
.text C:\WINDOWS\system32\cisvc.exe[164] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01166640
.text C:\WINDOWS\system32\cisvc.exe[164] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 011653D0
.text C:\WINDOWS\system32\cisvc.exe[164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01165300
.text C:\WINDOWS\system32\cisvc.exe[164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011611C0
.text C:\WINDOWS\system32\cisvc.exe[164] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01161290
.text C:\WINDOWS\system32\cisvc.exe[164] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01162570
.text C:\WINDOWS\system32\cisvc.exe[164] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01161000
.text C:\WINDOWS\system32\cisvc.exe[164] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 011610A0
.text C:\WINDOWS\system32\cisvc.exe[164] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01162510
.text C:\WINDOWS\system32\cisvc.exe[164] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01161D10
.text C:\WINDOWS\system32\cisvc.exe[164] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01167250
.text C:\WINDOWS\system32\cisvc.exe[164] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 011620A0
.text C:\WINDOWS\system32\cisvc.exe[164] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 011623A0
.text C:\WINDOWS\system32\cisvc.exe[164] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 01162160
.text C:\WINDOWS\system32\svchost.exe[232] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B56390
.text C:\WINDOWS\system32\svchost.exe[232] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B56640
.text C:\WINDOWS\system32\svchost.exe[232] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B553D0
.text C:\WINDOWS\system32\svchost.exe[232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B55300
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B511C0
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B51290
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B52570
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B51000
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B510A0
.text C:\WINDOWS\system32\svchost.exe[232] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B52510
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00B51D10
.text C:\WINDOWS\system32\svchost.exe[232] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B57250
.text C:\WINDOWS\system32\svchost.exe[232] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00B520A0
.text C:\WINDOWS\system32\svchost.exe[232] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 00B523A0
.text C:\WINDOWS\system32\svchost.exe[232] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00B52160
.text C:\WINDOWS\System32\svchost.exe[288] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 006E6390
.text C:\WINDOWS\System32\svchost.exe[288] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 006E6640
.text C:\WINDOWS\System32\svchost.exe[288] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 006E53D0
.text C:\WINDOWS\System32\svchost.exe[288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 006E5300
.text C:\WINDOWS\System32\svchost.exe[288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006E11C0
.text C:\WINDOWS\System32\svchost.exe[288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006E1290
.text C:\WINDOWS\System32\svchost.exe[288] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 006E2570
.text C:\WINDOWS\System32\svchost.exe[288] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 006E1000
.text C:\WINDOWS\System32\svchost.exe[288] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 006E10A0
.text C:\WINDOWS\System32\svchost.exe[288] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 006E2510
.text C:\WINDOWS\System32\svchost.exe[288] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 006E1D10
.text C:\WINDOWS\System32\svchost.exe[288] WS2_32.dll!send 71AB4C27 5 Bytes JMP 006E7250
.text C:\WINDOWS\System32\svchost.exe[288] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 006E20A0
.text C:\WINDOWS\System32\svchost.exe[288] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 006E23A0
.text C:\WINDOWS\System32\svchost.exe[288] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 006E2160
.text C:\WINDOWS\system32\cidaemon.exe[340] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009B6390
.text C:\WINDOWS\system32\cidaemon.exe[340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009B6640
.text C:\WINDOWS\system32\cidaemon.exe[340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009B53D0
.text C:\WINDOWS\system32\cidaemon.exe[340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009B5300
.text C:\WINDOWS\system32\cidaemon.exe[340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009B11C0
.text C:\WINDOWS\system32\cidaemon.exe[340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009B1290
.text C:\WINDOWS\system32\cidaemon.exe[340] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009B2570
.text C:\WINDOWS\system32\cidaemon.exe[340] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009B1000
.text C:\WINDOWS\system32\cidaemon.exe[340] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009B10A0
.text C:\WINDOWS\system32\cidaemon.exe[340] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009B2510
.text C:\WINDOWS\system32\cidaemon.exe[340] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 009B1D10
.text C:\WINDOWS\system32\cidaemon.exe[340] WS2_32.dll!send 71AB4C27 5 Bytes JMP 009B7250
.text C:\WINDOWS\system32\cidaemon.exe[340] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 009B20A0
.text C:\WINDOWS\system32\cidaemon.exe[340] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 009B23A0
.text C:\WINDOWS\system32\cidaemon.exe[340] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 009B2160
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008F6390
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 008F6640
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008F53D0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008F5300
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008F11C0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008F1290
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 008F2570
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 008F1000
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008F10A0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 008F2510
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 008F1D10
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] WS2_32.dll!send 71AB4C27 5 Bytes JMP 008F7250
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 008F20A0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 008F23A0
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[408] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 008F2160
.text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01926390
.text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01926640
.text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 019253D0
.text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!LdrLoadDll 7C91632D 3 Bytes JMP 01925300
.text C:\WINDOWS\system32\svchost.exe[428] ntdll.dll!LdrLoadDll + 4 7C916331 1 Byte [85]
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019211C0
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01921290
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01922570
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01921000
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 019210A0
.text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01922510
.text C:\WINDOWS\system32\svchost.exe[428] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01921D10
.text C:\WINDOWS\system32\svchost.exe[428] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01927250
.text C:\WINDOWS\system32\svchost.exe[428] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 019220A0
.text C:\WINDOWS\system32\svchost.exe[428] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 019223A0
.text C:\WINDOWS\system32\svchost.exe[428] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 01922160
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 024D6390
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 024D6640
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 024D53D0
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 024D5300
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024D11C0
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 024D1290
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 024D2570
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 024D1000
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 024D10A0
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 024D2510
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] ws2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 024D1D10
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] ws2_32.dll!send 71AB4C27 5 Bytes JMP 024D7250
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 024D20A0
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 024D23A0
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[448] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 024D2160
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01456390
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01456640
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 014553D0
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01455300
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014511C0
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01451290
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01452570
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01451000
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 014510A0
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01452510
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01451D10
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01457250
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[496] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 014520A0
.text C:\WINDOWS\system32\igfxsrvc.exe[2276] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011F7250
.text C:\WINDOWS\system32\igfxsrvc.exe[2276] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 011F20A0
.text C:\WINDOWS\system32\igfxsrvc.exe[2276] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 011F23A0
.text C:\WINDOWS\system32\igfxsrvc.exe[2276] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 011F2160
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 015F6390
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 015F6640
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015F53D0
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 015F5300
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015F11C0
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 015F1290
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 015F2570
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 015F1000
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 015F10A0
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 015F2510
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] ws2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 015F1D10
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] ws2_32.dll!send 71AB4C27 5 Bytes JMP 015F7250
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 015F20A0
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 015F23A0
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2288] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 015F2160
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00946390
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00946640
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009453D0
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00945300
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009411C0
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00941290
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00942570
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00941000
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009410A0
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00942510
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00941D10
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00947250
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 009420A0
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 009423A0
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2488] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00942160
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A86390
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A86640
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A853D0
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A85300
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A811C0
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A81290
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A82570
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A81000
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A810A0
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A82510
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A81D10
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A87250
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00A820A0
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 00A823A0
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2604] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00A82160
.text C:\Program Files\DellTPad\HidFind.exe[2728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A16390
.text C:\Program Files\DellTPad\HidFind.exe[2728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A16640
.text C:\Program Files\DellTPad\HidFind.exe[2728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A153D0
.text C:\Program Files\DellTPad\HidFind.exe[2728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A15300
.text C:\Program Files\DellTPad\HidFind.exe[2728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A111C0
.text C:\Program Files\DellTPad\HidFind.exe[2728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A11290
.text C:\Program Files\DellTPad\HidFind.exe[2728] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A12570
.text C:\Program Files\DellTPad\HidFind.exe[2728] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A11000
.text C:\Program Files\DellTPad\HidFind.exe[2728] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A110A0
.text C:\Program Files\DellTPad\HidFind.exe[2728] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A12510
.text C:\Program Files\DellTPad\HidFind.exe[2728] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A11D10
.text C:\Program Files\DellTPad\HidFind.exe[2728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A17250
.text C:\Program Files\DellTPad\HidFind.exe[2728] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00A120A0
.text C:\Program Files\DellTPad\HidFind.exe[2728] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 00A123A0
.text C:\Program Files\DellTPad\HidFind.exe[2728] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00A12160
.text C:\WINDOWS\system32\ctfmon.exe[2756] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A36390
.text C:\WINDOWS\system32\ctfmon.exe[2756] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A36640
.text C:\WINDOWS\system32\ctfmon.exe[2756] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A353D0
.text C:\WINDOWS\system32\ctfmon.exe[2756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A35300
.text C:\WINDOWS\system32\ctfmon.exe[2756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A311C0
.text C:\WINDOWS\system32\ctfmon.exe[2756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A31290
.text C:\WINDOWS\system32\ctfmon.exe[2756] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A32570
.text C:\WINDOWS\system32\ctfmon.exe[2756] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A31000
.text C:\WINDOWS\system32\ctfmon.exe[2756] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A310A0
.text C:\WINDOWS\system32\ctfmon.exe[2756] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A32510
.text C:\WINDOWS\system32\ctfmon.exe[2756] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00A31D10
.text C:\WINDOWS\system32\ctfmon.exe[2756] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A37250
.text C:\WINDOWS\system32\ctfmon.exe[2756] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00A320A0
.text C:\WINDOWS\system32\ctfmon.exe[2756] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 00A323A0
.text C:\WINDOWS\system32\ctfmon.exe[2756] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00A32160
.text C:\Program Files\DellTPad\Apntex.exe[2828] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B16390
.text C:\Program Files\DellTPad\Apntex.exe[2828] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B16640
.text C:\Program Files\DellTPad\Apntex.exe[2828] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B153D0
.text C:\Program Files\DellTPad\Apntex.exe[2828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B15300
.text C:\Program Files\DellTPad\Apntex.exe[2828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B111C0
.text C:\Program Files\DellTPad\Apntex.exe[2828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B11290
.text C:\Program Files\DellTPad\Apntex.exe[2828] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B12570
.text C:\Program Files\DellTPad\Apntex.exe[2828] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B11000
.text C:\Program Files\DellTPad\Apntex.exe[2828] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B110A0
.text C:\Program Files\DellTPad\Apntex.exe[2828] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B12510
.text C:\Program Files\DellTPad\Apntex.exe[2828] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00B11D10
.text C:\Program Files\DellTPad\Apntex.exe[2828] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B17250
.text C:\Program Files\DellTPad\Apntex.exe[2828] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00B120A0
.text C:\Program Files\DellTPad\Apntex.exe[2828] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 00B123A0
.text C:\Program Files\DellTPad\Apntex.exe[2828] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00B12160
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01326390
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01326640
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013253D0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01325300
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013211C0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01321290
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01322570
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01321000
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 013210A0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01322510
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01321D10
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01327250
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 013220A0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 013223A0
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2884] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 01322160
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0B886390
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0B886640
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0B8853D0
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0B885300
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0B8811C0
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0B881290
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0B882570
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0B881000
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0B8810A0
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0B882510
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 0B881D10
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0B887250
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0B8820A0
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0B8823A0
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2920] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0B882160
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01576390
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01576640
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015753D0
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01575300
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015711C0
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01571290
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01572570
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01571000
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 015710A0
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01572510
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01571D10
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01577250
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 015720A0
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 015723A0
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2948] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 01572160
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E96390
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E96640
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E953D0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E95300
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E911C0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E91290
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E92570
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E91000
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E910A0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E92510
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00E91D10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E97250
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00E920A0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 00E923A0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3280] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00E92160
.text C:\WINDOWS\System32\alg.exe[3480] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B16390
.text C:\WINDOWS\System32\alg.exe[3480] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B16640
.text C:\WINDOWS\System32\alg.exe[3480] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B153D0
.text C:\WINDOWS\System32\alg.exe[3480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B15300
.text C:\WINDOWS\System32\alg.exe[3480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B111C0
.text C:\WINDOWS\System32\alg.exe[3480] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B11290
.text C:\WINDOWS\System32\alg.exe[3480] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B12570
.text C:\WINDOWS\System32\alg.exe[3480] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B11000
.text C:\WINDOWS\System32\alg.exe[3480] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B110A0
.text C:\WINDOWS\System32\alg.exe[3480] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B12510
.text C:\WINDOWS\System32\alg.exe[3480] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00B11D10
.text C:\WINDOWS\System32\alg.exe[3480] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B17250
.text C:\WINDOWS\System32\alg.exe[3480] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00B120A0
.text C:\WINDOWS\System32\alg.exe[3480] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 00B123A0
.text C:\WINDOWS\System32\alg.exe[3480] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00B12160
.text C:\WINDOWS\Explorer.EXE[3620] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02366390
.text C:\WINDOWS\Explorer.EXE[3620] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02366640
.text C:\WINDOWS\Explorer.EXE[3620] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 023653D0
.text C:\WINDOWS\Explorer.EXE[3620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02365300
.text C:\WINDOWS\Explorer.EXE[3620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 023611C0
.text C:\WINDOWS\Explorer.EXE[3620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02361290
.text C:\WINDOWS\Explorer.EXE[3620] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02362570
.text C:\WINDOWS\Explorer.EXE[3620] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02361000
.text C:\WINDOWS\Explorer.EXE[3620] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 023610A0
.text C:\WINDOWS\Explorer.EXE[3620] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02362510
.text C:\WINDOWS\Explorer.EXE[3620] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 023620A0
.text C:\WINDOWS\Explorer.EXE[3620] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 023623A0
.text C:\WINDOWS\Explorer.EXE[3620] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 02362160
.text C:\WINDOWS\Explorer.EXE[3620] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 02361D10
.text C:\WINDOWS\Explorer.EXE[3620] WS2_32.dll!send 71AB4C27 3 Bytes JMP 02367250
.text C:\WINDOWS\Explorer.EXE[3620] WS2_32.dll!send + 4 71AB4C2B 1 Byte [90]
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03086390
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 03086640
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 030853D0
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 03085300
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 030811C0
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03081290
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 03082570
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 03081000
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 030810A0
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 03082510
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 03081D10
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] WS2_32.dll!send 71AB4C27 5 Bytes JMP 03087250
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 030820A0
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 030823A0
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3656] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 03082160
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00161290
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00162570
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00161000
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 001610A0
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00162510
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00167250
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 001620A0
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 001623A0
.text C:\Documents and Settings\mkershaw\Desktop\32mzuy1p.exe[3708] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00162160
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01AC6390
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01AC6640
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01AC53D0
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01AC5300
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01AC11C0
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01AC1290
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01AC2570
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01AC1000
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01AC10A0
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01AC2510
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 01AC20A0
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 01AC23A0
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 01AC2160
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01AC1D10
.text C:\Program Files\Dell\QuickSet\quickset.exe[3900] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01AC7250

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\SYMTDI \Device\SymTDI wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Tlgwgp C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\Program Files\Movie Maker\wmm2res.dll,-63096 Capture and edit digital media on your computer and then share your saved movies by e-mail, the Internet, recordable CD, or on a DV video tape.

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\mkershaw\Application Data\Tlgwgp.exe 278528 bytes executable





Symantec Risk log


| Filename | Risk | Action | Risk Type | Original Location | Computer | User | Status | Current Location | Primary Action | Secondary Action | Logged By | Action Description | Date and Time |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cookie:mkershaw@atdmt.com/ | Tracking Cookies | Deleted | Trackware | Cookie:mkershaw@atdmt.com/ | MKERSHAWLPT4 | mkershaw | Deleted | Deleted | Quarantine | Leave alone (log only) | Manual scan | The file was deleted successfully. | 9/10/2011 8:43 |
| A0042390.exe | Bloodhound.MalPE | Quarantined | Heuristics | c:\System Volume Information\_restore{2318AAF4-1BB9-4282-AE7B-FB61233A462B}\RP167\ | MKERSHAWLPT4 | mkershaw | Infected | Quarantine | Clean security risk | Quarantine | Manual scan | The file was quarantined successfully. | 9/13/2011 0:34 |
| Cookie:mkershaw@ad.yieldmanager.com/ | Tracking Cookies | Deleted | Trackware | Cookie:mkershaw@ad.yieldmanager.com/ | MKERSHAWLPT4 | mkershaw | Deleted | Deleted | Quarantine | Leave alone (log only) | Manual scan | The file was deleted successfully. | 9/12/2011 22:56 |

#7 boopme

Posted 13 September 2011 - 03:01 PM

How is it now? Let's see what remnants are left.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#8 Raker


Posted 13 September 2011 - 06:29 PM

I can not connect to those links on the infected computer. Only on another non-infected computer. The infected computer appears to block access to all of the security based websites so I can not run this online scanner. Any ideas on an alternative?


Edit to add: The infected computer also can not run windows update.

Edited by Raker, 13 September 2011 - 06:38 PM.


#9 boopme


Posted 13 September 2011 - 08:45 PM

The infected = the XP correct?



Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.



Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware


NOTE:
If you cannot use the Internet, you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, usb, jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.


Please ask any needed questions, post logs and let us know how the PC is running now.

#10 Raker


Posted 13 September 2011 - 08:54 PM

The infected = the XP correct?


Correct XP. I will try this in a few minutes.

#11 boopme


Posted 13 September 2011 - 10:05 PM

OK, I'll look back.

#12 Raker


Posted 15 September 2011 - 07:27 PM

Computer still running a little strange. Hard drive activity light lights up like a Christmas tree when first detecting any network (LAN only right now). Computer still boots up very slowly, Symantec tamper message still shows up on initial boot up, also see under Process Explorer sometime after booting up that "Interrupts" (hardware interrupts and DPCs) takes about 40 to 50% CPU for several minutes (I do not know if that is normal or not, just seems suspicious to me). I have not taken a screen shot of that yet. Task manager will not open via control alt delete.


I ran rkill in safe mode and it did not see anything.
Ran SAS in safe mode and it picked up tracking cookies.
Ran MALB and it detected something more significant.
Here are the logs:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 09/13/2011 at 22:12:57.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 09/13/2011 at 22:13:07.





SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/14/2011 at 00:24 AM

Application Version : 5.0.1118

Core Rules Database Version : 7687
Trace Rules Database Version: 5499

Scan type : Complete Scan
Total Scan Time : 01:56:59

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 321
Memory threats detected : 0
Registry items scanned : 37425
Registry threats detected : 0
File items scanned : 53845
File threats detected : 14

Adware.Tracking Cookie
C:\Documents and Settings\mkershaw\Cookies\NWE391LG.txt
C:\Documents and Settings\mkershaw\Cookies\XS255R0A.txt
C:\Documents and Settings\mkershaw\Cookies\536PNH2C.txt
C:\Documents and Settings\mkershaw\Cookies\89V3QH50.txt
C:\Documents and Settings\mkershaw\Cookies\RZ64U81L.txt
C:\Documents and Settings\mkershaw\Cookies\MTK12N06.txt
C:\Documents and Settings\mkershaw\Cookies\CL7QE139.txt
C:\Documents and Settings\mkershaw\Cookies\OYTE0GYO.txt
C:\Documents and Settings\mkershaw\Cookies\IMP5KGEV.txt
C:\Documents and Settings\mkershaw\Cookies\PRP324J3.txt
C:\Documents and Settings\mkershaw\Cookies\3JL0AGGG.txt
C:\Documents and Settings\mkershaw\Cookies\KDYR18OG.txt
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\MKERSHAW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VAX6HRUX.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\MKERSHAW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VAX6HRUX.DEFAULT\COOKIES.SQLITE ]



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7719

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/14/2011 11:27:54 PM
mbam-log-2011-09-14 (23-27-54).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 241585
Time elapsed: 2 hour(s), 31 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{2318aaf4-1bb9-4282-ae7b-fb61233a462b}\RP164\A0036080.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2318aaf4-1bb9-4282-ae7b-fb61233a462b}\RP164\A0038196.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
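
Both MBAM detections above sit under `System Volume Information\_restore{...}\RP164`, the Windows XP System Restore store, so they are backup copies held in a restore point rather than files in a live location. As an added example (not part of the thread and not code from any tool named in it), this Python parser reads the "Files Infected" part of such a log, checks the listed entries against the summary count, and separates restore-point copies from live files. The function names are hypothetical, and only file entries with a drive-letter path are handled.

```python
import re
from collections import Counter

# Copied from the "Files Infected" part of the MBAM log posted above.
SAMPLE_LOG = r"""Files Infected: 2

Files Infected:
c:\system volume information\_restore{2318aaf4-1bb9-4282-ae7b-fb61233a462b}\RP164\A0036080.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2318aaf4-1bb9-4282-ae7b-fb61233a462b}\RP164\A0038196.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# "Files Infected: 2" style summary line.
SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "<drive path> (<detection>) -> <action>." entry line (file entries only).
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# XP System Restore store: System Volume Information\_restore{GUID}\RPnnn\
RESTORE = re.compile(
    r"\\system volume information\\_restore\{[0-9a-f-]{36}\}\\(RP\d+)\\", re.I)


def parse_mbam(text):
    """Return (declared counts per section, list of parsed entries)."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
        elif line.endswith("Infected:"):
            section = line[:-1]          # start of a detail section
        elif section and (m := ENTRY.match(line)):
            rp = RESTORE.search(m["path"])
            entries.append({
                "section": section,
                "path": m["path"],
                "detection": m["name"],
                "action": m["action"],
                "restore_point": rp.group(1) if rp else None,
            })
    return declared, entries


def triage(text):
    """Check summary counts against listed entries and split by location."""
    declared, entries = parse_mbam(text)
    listed = Counter(e["section"] for e in entries)
    return {
        "mismatches": {s: (n, listed[s]) for s, n in declared.items()
                       if n != listed[s]},
        "restore_point_copies": [e for e in entries if e["restore_point"]],
        "live_files": [e for e in entries if not e["restore_point"]],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A non-empty `mismatches` result means the pasted log is truncated or was edited, which is worth asking about before relying on it.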

#13 boopme


Posted 15 September 2011 - 10:31 PM

We found Backdoor bots here too.. Can you run ESET on here now?

#14 Raker


Posted 17 September 2011 - 09:19 AM

I ran ESETS in safe mode and it found 3 entries:
Here is the log.

C:\Documents and Settings\mkershaw\Application Data\3.tmp a variant of Win32/Injector.JEH trojan cleaned by deleting - quarantined
C:\Documents and Settings\mkershaw\Desktop\cnet_FoxitReader502_0718_enu_Setup_exe.exe a variant of Win32/InstallCore.C application cleaned by deleting - quarantined
C:\Documents and Settings\mkershaw\My Documents\Downloads\cnet_FoxitReader502_0718_enu_Setup_exe.exe a variant of Win32/InstallCore.C application cleaned by deleting - quarantined

#15 Raker


Posted 17 September 2011 - 09:46 AM

I still can not browse to any security related sites. Here is what I got when I tried to go to Symantec: My link



