Systweak Spyware Library
Virus.Kies Analysis Report
Threat Submitted On: 4/5/2008 5:53:45 PM
Threat Analysed On: 4/5/2008 10:53:45 PM
Threat Updated On: 1/27/2011 2:16:34 PM
Type : Virus
Symptoms of Kies
  • Attaches to an existing program and copies itself to other programs upon execution.
  • May pose severe threats to user data and system performance.
Information
Alias : Virus.Win32.Kies.b
Md5 Hash : [f62c997b13650d455fc61744ba04ae14]
File Size : (90114 bytes)

Technical Details

Technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected files on the user's system
Note:
Delete the following files to remove the infection
File: newshortcut1_ced30fdd7b9a4bc3b02586b27b0993f8_1.exe
Path : %windir%\installer\{8dd1701b-eeb5-4687-b442-2e5333d831ee}

Md5Hash :99d24f1f5c108feea8f3509dc3666728 ( 40960 bytes)
File: [randomname].exe
Path : %workingdir%

Also creates the following files on the user's system, which are also created by genuine software:
Note:
These file(s) can be kept, as they are also created by genuine software.
Creates the following child process(s) on execution:

services.exe

Creates the following mutex(es) on the user's system:
global\{90bedaed-4872-450a-27bc-cbdc0409377d}
raspbfile
Copies the following files to the given location:

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp4.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp6.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp8.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpa.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpc.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpe.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp10.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp12.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp14.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp16.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp18.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp1a.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp1c.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp1f.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp21.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp24.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp26.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp28.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp2b.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp2d.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp30.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp32.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp34.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp37.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp39.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp3b.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp3d.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp3f.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp41.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp44.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp46.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp48.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp4a.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp4c.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp4e.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp50.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp52.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp55.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp58.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp5b.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp5e.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp61.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp64.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp66.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp68.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp6b.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp6d.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp70.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp72.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp75.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp78.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp7b.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp7e.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp81.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp84.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp86.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp89.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp8c.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp8f.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp92.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp95.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp98.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp9a.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp9c.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmp9e.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpa1.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpa3.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpa6.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpa8.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpaa.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpad.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpb0.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpb3.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpb5.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpb7.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpb9.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpbc.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpbe.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpc0.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpc2.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpc5.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpc8.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpcb.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpce.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpd0.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpd3.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpd6.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpd8.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpdb.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpde.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpe1.tmp

Copies :%windir%\system32\syslog.exe

To : %systemdrive%\docume~1\antisp~1\locals~1\temp\tmpe3.tmp

NOTE:

1. %windir% refers to the Windows root folder. By default it is 'C:\Windows'.
2. %workingdir% refers to the current directory in which the user is working.
3. %homepath% refers to the current Windows user's profile folder. By default it is 'C:\Documents and Settings\[user]'.
4. %programfiles% refers to the Program Files folder. By default it is 'C:\Program Files'.

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify only the malicious or suspicious subkeys.

To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run.
2. Type “regedit” to open the Registry Editor.
3. Navigate to the required registry key in the left tree control and modify it accordingly.



© Systweak Inc., 1999-2011 All rights reserved.