BleepingComputer.com: Ran Combofix as getting 404 errors

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

Ran Combofix as getting 404 errors Would much appreciate your advice

#1 User is offline   angelfire4xx 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 25-January 12
  • Gender:Male
  • Location:United Kingdom

Posted 25 January 2012 - 06:11 PM

Hi, I downloaded and ran Combofix as someone online was recommending it for a problem I have, which is that for several days I get only 'server not found' when trying to access any part of the Ezinearticles.com site with either Firefox or IE. The site is not down as I can get it on my Mac laptop, which uses the same wireless router.

I don't know if my PC is infected with something or not, but am worried. I did do a quick scan with Malwarebytes but nothing showed up.

Combofix log attached and your help much appreciated. I will be sure to donate to the site.
Linda

Attached File(s)


#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 03:00 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   angelfire4xx 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 25-January 12
  • Gender:Male
  • Location:United Kingdom

Posted 29 January 2012 - 08:54 AM

Hi Gringo, I really appreciate your reply.

Here's what I tried on my own before your reply. Replaced Windows Firewall with ZoneAlarm. Did a rootkit scan with Avast, it found the malware items below, which I put in the chest
Win32 Morphex [Cryp]
Java: Jade-C [Heur]
Java: CVE-2010-0094-C [Expl]

Problem was not solved. Deleted old Java program versions and installed up to date version. Then ran System Mechanic for a general cleanup and rebooted.

Below are the DDS logs you requested. I disabled Avast and tried several times to tun the RKUnHooker scan but the program closed itself before completing the scan. Also it crashed if I tried to use the 'quick report' function. Hoping you can help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by User at 11:37:29 on 2012-01-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1369 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
c:\program files\arclab\maillist controller\amlcSVC.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - c:\progra~1\arcsoft\rawthu~1\EXIFToolBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - c:\progra~1\arcsoft\rawthu~1\EXIFToolBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [IDriveE Startup] "c:\program files\idrive\IDrvieEStartup.exe" Hide
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [HTpatch] c:\windows\htpatch.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\user\startm~1\programs\startup\idrive~1.lnk - c:\program files\idrive\IDriveEReg2ini.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Free YouTube Download - c:\documents and settings\user\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\user\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Read EXIF - c:\program files\arcsoft\raw thumbnail viewer\ArcEXIFM.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://shop.ebrary.com/support/plugins/ebraryRdr.cab
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.truedoc.com/activex/tdserver.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {41695A8E-6414-11D4-8FB3-00D0B7730277} - hxxp://activex.microsoft.com/objects/ocget.dll
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - hxxp://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146667490500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37901.2256134259
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} - hxxp://activex.microsoft.com/objects/ocget.dll
DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} - hxxp://activex.microsoft.com/objects/ocget.dll
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AEB41B01-A73B-4A02-B6C6-351D23A4B011} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E7683FB5-EED4-4E31-BDC3-8C41F6101A86} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\7q7rrwgl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\7q7rrwgl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\7q7rrwgl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\7q7rrwgl.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\7q7rrwgl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - component: c:\program files\arcsoft\raw thumbnail viewer\firefox extension\components\FirefoxMenu.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - Ext: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - %profile%\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
FF - Ext: bit.ly preview: bitlypreview@jay.ridgeway - %profile%\extensions\bitlypreview@jay.ridgeway
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Stealthy: stealthyextension@gmail.com - %profile%\extensions\stealthyextension@gmail.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RAW Thumbnail Viewer: RAWThumbnailViewer@arcsoft.com.cn - c:\program files\arcsoft\raw thumbnail viewer\FireFox Extension
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-13 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-23 314456]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-22 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-10-26 525840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-23 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-23 44768]
R2 IDriveWebM;IDrive WebManager;c:\program files\idrive\IDriveWebM.exe [2010-8-21 267720]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-5-10 722616]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-10-19 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-10-19 497280]
R2 MailList Controller;MailList Controller;c:\program files\arclab\maillist controller\amlcSVC.exe [2008-9-25 1581056]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\SHARSHTL.SYS [2003-10-9 15744]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-10-9 14336]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S0 epatapnt;epatapnt;c:\windows\system32\drivers\EPATAPNT.MPD [2003-10-9 82944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S2 IDriveE Service;IDriveE Service;c:\program files\idrive\IDriveE Service.exe [2010-8-21 148936]
S3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [2005-10-12 24059]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-2-1 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 HituMass;%BULKUSB.SvcDesc%;c:\windows\system32\drivers\RDCUMASS.sys [2005-10-10 17123]
S3 HITUMINI;HITUMINI;c:\windows\system32\drivers\RDCUMINI.sys [2005-10-10 4994]
S3 hpt4qic;hpt4qic;c:\windows\system32\drivers\hpt4qic.sys [2001-8-17 5760]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-01-28 18:59:33 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun
2012-01-28 18:45:02 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-28 18:45:02 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-28 18:45:02 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-25 20:18:41 -------- d-sha-r- C:\cmdcons
2012-01-25 20:14:47 98816 ----a-w- c:\windows\sed.exe
2012-01-25 20:14:47 518144 ----a-w- c:\windows\SWREG.exe
2012-01-25 20:14:47 256000 ----a-w- c:\windows\PEV.exe
2012-01-25 20:14:47 208896 ----a-w- c:\windows\MBR.exe
2012-01-25 13:19:33 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-01-13 12:02:48 -------- d-----w- c:\program files\TaxCalc 2011
.
==================== Find3M ====================
.
2012-01-06 11:51:24 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 11:51:16 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 11:29:06 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-12-15 09:49:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2005-01-21 00:53:22 45056 ----a-r- c:\program files\SetAttrib.exe
.
============= FINISH: 11:39:32.73 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 14/03/2008 19:01:37
System Uptime: 29/01/2012 10:06:28 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | LGA 775 | 1800/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 262.533 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2C575ACB&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2C575ACB&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1455: 31/10/2011 20:36:46 - System Checkpoint
RP1456: 02/11/2011 09:47:20 - System Checkpoint
RP1457: 03/11/2011 09:56:16 - System Checkpoint
RP1458: 04/11/2011 10:18:18 - System Checkpoint
RP1459: 05/11/2011 16:20:35 - System Checkpoint
RP1460: 06/11/2011 16:25:23 - System Checkpoint
RP1461: 07/11/2011 17:01:01 - System Checkpoint
RP1462: 09/11/2011 09:04:58 - System Checkpoint
RP1463: 09/11/2011 20:01:56 - Software Distribution Service 3.0
RP1464: 11/11/2011 12:17:02 - System Checkpoint
RP1465: 11/11/2011 22:46:51 - Software Distribution Service 3.0
RP1466: 13/11/2011 10:36:05 - System Checkpoint
RP1467: 14/11/2011 18:27:46 - System Checkpoint
RP1468: 16/11/2011 10:14:59 - System Checkpoint
RP1469: 17/11/2011 10:38:39 - System Checkpoint
RP1470: 18/11/2011 11:43:44 - System Checkpoint
RP1471: 19/11/2011 11:48:49 - System Checkpoint
RP1472: 20/11/2011 13:49:28 - System Checkpoint
RP1473: 21/11/2011 18:34:49 - System Checkpoint
RP1474: 23/11/2011 10:18:17 - System Checkpoint
RP1475: 24/11/2011 13:28:10 - System Checkpoint
RP1476: 25/11/2011 14:19:38 - System Checkpoint
RP1477: 26/11/2011 15:33:32 - System Checkpoint
RP1478: 27/11/2011 16:13:11 - System Checkpoint
RP1479: 30/11/2011 13:31:17 - System Checkpoint
RP1480: 30/11/2011 15:16:24 - Unsigned printer driver hp LaserJet 1010 installed.
RP1481: 30/11/2011 15:18:41 - Unsigned printer driver hp LaserJet 1010 installed.
RP1482: 30/11/2011 15:40:59 - Unsigned printer driver hp LaserJet 1010 installed.
RP1483: 30/11/2011 15:43:19 - Installed hp LaserJet 1010 Series
RP1484: 02/12/2011 09:42:59 - System Checkpoint
RP1485: 03/12/2011 10:00:44 - System Checkpoint
RP1486: 04/12/2011 11:21:48 - System Checkpoint
RP1487: 04/12/2011 13:12:23 - Removed hp LaserJet 1010 Series
RP1488: 05/12/2011 19:35:53 - System Checkpoint
RP1489: 07/12/2011 12:26:31 - System Checkpoint
RP1490: 08/12/2011 18:10:11 - System Checkpoint
RP1491: 09/12/2011 18:11:35 - System Checkpoint
RP1492: 10/12/2011 18:40:33 - System Checkpoint
RP1493: 11/12/2011 19:05:43 - System Checkpoint
RP1494: 12/12/2011 20:04:50 - System Checkpoint
RP1495: 13/12/2011 21:14:08 - System Checkpoint
RP1496: 14/12/2011 22:14:59 - Software Distribution Service 3.0
RP1497: 16/12/2011 10:09:03 - System Checkpoint
RP1498: 17/12/2011 11:27:13 - System Checkpoint
RP1499: 18/12/2011 14:08:41 - System Checkpoint
RP1500: 19/12/2011 18:44:49 - System Checkpoint
RP1501: 19/12/2011 19:31:28 - Removed Tweet Adder 3
RP1502: 19/12/2011 19:31:41 - Installed Tweet Adder 3
RP1503: 20/12/2011 19:34:58 - System Checkpoint
RP1504: 21/12/2011 19:48:28 - System Checkpoint
RP1505: 22/12/2011 08:54:50 - Installed Rapport
RP1506: 23/12/2011 10:17:33 - System Checkpoint
RP1507: 24/12/2011 14:41:23 - System Checkpoint
RP1508: 25/12/2011 14:46:37 - System Checkpoint
RP1509: 26/12/2011 16:59:30 - System Checkpoint
RP1510: 27/12/2011 17:53:42 - System Checkpoint
RP1511: 29/12/2011 15:56:21 - System Checkpoint
RP1512: 30/12/2011 15:57:58 - System Checkpoint
RP1513: 31/12/2011 16:00:18 - System Checkpoint
RP1514: 01/01/2012 16:35:22 - System Checkpoint
RP1515: 02/01/2012 17:19:33 - System Checkpoint
RP1516: 04/01/2012 09:27:45 - System Checkpoint
RP1517: 05/01/2012 10:18:37 - System Checkpoint
RP1518: 06/01/2012 11:21:43 - System Checkpoint
RP1519: 07/01/2012 13:38:26 - System Checkpoint
RP1520: 08/01/2012 17:02:25 - System Checkpoint
RP1521: 09/01/2012 17:14:14 - System Checkpoint
RP1522: 10/01/2012 20:07:47 - System Checkpoint
RP1523: 12/01/2012 08:40:04 - System Checkpoint
RP1524: 13/01/2012 09:32:32 - System Checkpoint
RP1525: 14/01/2012 10:02:22 - System Checkpoint
RP1526: 15/01/2012 15:42:35 - System Checkpoint
RP1527: 16/01/2012 17:48:12 - System Checkpoint
RP1528: 17/01/2012 19:15:04 - System Checkpoint
RP1529: 18/01/2012 19:37:42 - System Checkpoint
RP1530: 19/01/2012 19:40:00 - System Checkpoint
RP1531: 21/01/2012 10:08:39 - System Checkpoint
RP1532: 22/01/2012 10:09:34 - System Checkpoint
RP1533: 23/01/2012 13:50:21 - System Checkpoint
RP1534: 24/01/2012 14:49:42 - System Checkpoint
RP1535: 25/01/2012 16:04:54 - System Checkpoint
RP1536: 26/01/2012 20:47:41 - System Checkpoint
RP1537: 28/01/2012 11:27:27 - System Checkpoint
RP1538: 28/01/2012 18:16:03 - Removed Java 2 Runtime Environment, SE v1.4.1_01
RP1539: 28/01/2012 18:17:02 - Removed J2SE Runtime Environment 5.0 Update 1
RP1540: 28/01/2012 18:44:34 - Installed Java™ 7 Update 2
.
==== Installed Programs ======================
.
7digital Download Manager
ABBYY FineReader 6.0 Sprint
Acronis True Image Home
Ad Words Digger
Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe Digital Editions
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
allTunes
AmazingMIDI
Apple Software Update
ArcSoft PhotoImpression 4
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft RAW Thumbnail Viewer
ArcSoft TotalMedia HDCam
ArcSoft Video Downloader
Arquivo do WinRAR
Article To Video Converter 1.0
Artist's Sketchbook 1.65
Artisteer 2
Atheros Communications Inc.® L2 Fast Ethernet Driver
Audacity 1.2.6
avast! Free Antivirus
BBC iPlayer Download Manager
C-Media 3D Audio
calibre
Camera RAW Plug-In for EPSON Creativity Suite
Camera Utility
CamStudio
CASIO Digital Camera v3.1
CD/DVD LABEL PRINTER
CherryPicker
Classicsonline
CoffeeCup HTML Editor
CommentKahuna
Corel Applications
Critical Update for Windows Media Player 11 (KB959772)
CuteFTP 5.0 XP
CutePDF Writer 2.7
dBpowerAMP Music Converter
Directory Lister v0.8.1
Dolet Light for Finale 2005
Dropbox
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DzSoft Paste & Save 2003
eBook Reader
eKeys
eMail-Printery 1
eMusic Download Manager 4.1.3.1
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX6000_CX5900 User's Guide
FileMaker Pro 7
FileZilla Client 3.5.0
Finale 2005
Finale Performance Assessment
Foxit Reader 5.1
Foxit Toolbar
Free Audio CD Burner version 1.4.7
Free SMTP Server
Free Video to JPG Converter version 1.5
Free Video to MP3 Converter version 3.2
Free YouTube Download 2.9
Free YouTube to MP3 Converter version 3.9.35.324
Google AdWords Editor
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoogleToolBar
GoToMeeting 4.0.0.320
GPL Ghostscript 8.56
GPL Ghostscript Fonts
GSview 4.9
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IBP 11.7.6
IDrive version 3.3.3 August 21, 2010
Intel® Graphics Media Accelerator Driver
iolo technologies' System Mechanic
iriver Music Manager
ISYS Text Retrieval
Jasc Paint Shop Pro 8
Java Auto Updater
Java Web Start
Java™ 7 Update 2
K-Lite Mega Codec Pack 6.3.5
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Magic Article Rewriter
Magic Article Submitter
MailList Controller 7.02 Free
Malwarebytes Anti-Malware version 1.60.0.1800
MediaFACE 4.0
MediaFACE 4.0 Image Library
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft XML Parser
Midi2Wav Recorder
MidiIllustrator v1.02
MIDInight Express II
Mobile Studio
Mobipocket Creator 4.2
Mozilla Firefox (3.6.25)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch® Jukebox
Musicnotes Player
MWSnap 3
MyDsc2
Native Instruments Sibelius Player
Nero 6 Ultra Edition
NETGEAR WG111v2 wireless USB 2.0 adapter
Neuratron PhotoScore Ultimate
Note Attack v1.36
NoteWorthy Composer
NVIDIA Windows 2000/XP Display Drivers
Nvu 1.0PR
Opera 11.10
Orbit Downloader
PC Tune-Up
Pdf995
pdfforge Toolbar v1.0
PG Music DirectX Plugins 1.1
Philips PSS Device Manager
PowerDVD
QuickTime
Rapport
Realtek High Definition Audio Driver
Ringtone Media Studio
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SEORankFinderv2
Serif DrawPlus 5.0
Serif DrawPlus 5.0 Design CD-ROM
Serif DrawPlus Starter Edition
Serif DrawPlus X4
Serif PagePlus X4
Serif PagePlus X4 Resources
Sibelius 5
Sibelius Scorch
Sibelius Scorch (Firefox, Opera, Netscape only)
Sibelius Sounds Essentials
SiS 900 PCI Fast Ethernet Adapter Driver
SiteMap Generator 0.95 (beta)
Smart Ad-Wrapper 1.1.1
SmartScore 3.2 MIDI Edition
SOAP3 and XML4
SocialBot
SpeedTouch USB Software
Spotify
TaxCalc 2004
TaxCalc 2005
TaxCalc 2006
TaxCalc 2007
TaxCalc 2008
TaxCalc 2009
TaxCalc 2010
TaxCalc 2011
TP-LINK Wireless Client Utility Installation Program
TurboCASH 3.7.5.1
Tweak UI
Tweet Adder 3
Ulead DVD DiscRecorder 2.2
Ulead DVD MovieFactory 5 TBYB
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
vanBasco's Karaoke Player
VC 9.0 Runtime
VLC media player 1.1.0
Vodafone Mobile Connect Lite
Web CEO 8.1
Web Designer 6 Content
WebFldrs XP
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Xara Web Designer
Xara Web Designer 6
Xara Webstyle 4
Xara Xtreme 5
Xara3D6
Xenu's Link Sleuth
XML Paper Specification Shared Components Pack 1.0
YoGen Vocal Remover
YouTube Player
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
28/01/2012 19:45:01, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
28/01/2012 18:17:50, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
26/01/2012 08:38:20, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IDriveE Service service to connect.
26/01/2012 08:38:20, error: Service Control Manager [7000] - The IDriveE Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/01/2012 21:00:45, error: Service Control Manager [7022] - The KService service hung on starting.
25/01/2012 20:25:35, error: Service Control Manager [7034] - The TP-LINK Configuration Service service terminated unexpectedly. It has done this 1 time(s).
25/01/2012 19:59:40, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001D0FB8CED5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
25/01/2012 09:15:44, error: PlugPlayManager [11] - The device Root\LEGACY_RAPPORTIASO\0000 disappeared from the system without first being prepared for removal.
23/01/2012 19:42:31, error: PlugPlayManager [11] - The device Root\LEGACY_WINIO\0000 disappeared from the system without first being prepared for removal.
22/01/2012 09:35:54, error: PlugPlayManager [12] - The device 'RapportIaso' (Root\LEGACY_RAPPORTIASO\0000) disappeared from the system without first being prepared for removal.
.
==== End Of File ===========================

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 12:58 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   angelfire4xx 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 25-January 12
  • Gender:Male
  • Location:United Kingdom

Posted 29 January 2012 - 02:29 PM

Hi Gringo, here is the log. I downloaded ComboFix from Link 2. When CF started it asked if I wanted to download a newer version so I hit ok - I hope that was the right thing to do.

After running CF I tried again to access ezinearticles.com by typing the url in the browser and by doing a google search for the site and clicking on the links that came up. In all cases I still got 'server not found'.

I haven't noticed a problem like this with any other websites and apart from this my computer seems to run fine. I guess this is something really stealthy.

Your time much appreciated.

ComboFix 12-01-29.02 - User 29/01/2012 18:30:31.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1383 [GMT 0:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-28 18:59 . 2012-01-28 18:59 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sun
2012-01-28 18:45 . 2012-01-28 18:45 -------- d-----w- c:\program files\Common Files\Java
2012-01-28 18:45 . 2012-01-28 18:44 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-28 18:45 . 2012-01-28 18:44 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-28 18:45 . 2012-01-28 18:44 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-25 13:19 . 2012-01-25 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-01-13 12:02 . 2012-01-13 12:03 -------- d-----w- c:\program files\TaxCalc 2011
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 11:51 . 2008-05-10 13:06 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 11:51 . 2008-05-10 13:06 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 11:29 . 2011-10-06 21:36 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-12-15 09:49 . 2011-05-13 17:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2009-11-15 20:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2010-10-23 07:48 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-10-23 07:48 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-06-13 16:31 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-10-23 07:50 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-10-23 07:50 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-10-23 07:50 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-10-23 07:49 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-10-23 07:49 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-10-23 07:50 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-10-23 07:49 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2005-01-21 00:53 . 2007-03-27 18:38 45056 ----a-r- c:\program files\SetAttrib.exe
2009-08-09 00:11 . 2009-08-09 00:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-09 00:30 . 2009-08-09 00:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2010-06-21 16:36 . 2010-02-01 21:05 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 1867776]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2010-08-04 185800]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"nwiz"="nwiz.exe" [2003-06-18 323584]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-06-18 4734976]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-04 1822720]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-15 348160]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-06-30 1106386]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-06-29 1848150]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-06-29 126976]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-21 30192]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-10-09 2086912]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-10-19 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2010-8-21 292296]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13/06/2011 16:31 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/10/2010 07:50 314456]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [22/12/2011 09:13 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/10/2010 07:50 20568]
R2 IDriveWebM;IDrive WebManager;c:\program files\IDrive\IDriveWebM.exe [21/08/2010 12:18 267720]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/05/2008 13:06 722616]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [28/02/2006 12:00 14336]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [19/10/2011 10:18 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [19/10/2011 10:18 497280]
R2 MailList Controller;MailList Controller;c:\program files\Arclab\MailList Controller\amlcSVC.exe [25/09/2008 22:09 1581056]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\SHARSHTL.SYS [09/10/2003 18:18 15744]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [09/10/2008 15:32 14336]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 12:52 21520]
S0 epatapnt;epatapnt;c:\windows\system32\drivers\EPATAPNT.MPD [09/10/2003 18:18 82944]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 21:06 135664]
S2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [21/08/2010 12:18 148936]
S3 CW50;CW50 Device;c:\windows\system32\drivers\CW50.sys [12/10/2005 09:24 24059]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [01/02/2010 21:05 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 21:06 135664]
S3 HituMass;%BULKUSB.SvcDesc%;c:\windows\system32\drivers\RDCUMASS.sys [10/10/2005 16:17 17123]
S3 HITUMINI;HITUMINI;c:\windows\system32\drivers\RDCUMINI.sys [10/10/2005 16:17 4994]
S3 hpt4qic;hpt4qic;c:\windows\system32\drivers\hpt4qic.sys [17/08/2001 13:52 5760]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 17:53 167808]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:05]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:05]
.
2012-01-29 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-10-07 11:24]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube Download - c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Read EXIF - c:\program files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - %profile%\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
FF - Ext: bit.ly preview: bitlypreview@jay.ridgeway - %profile%\extensions\bitlypreview@jay.ridgeway
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Stealthy: stealthyextension@gmail.com - %profile%\extensions\stealthyextension@gmail.com
FF - Ext: socialmonkee: sm@submitter.net - %profile%\extensions\sm@submitter.net
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RAW Thumbnail Viewer: RAWThumbnailViewer@arcsoft.com.cn - c:\program files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 18:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d????????F?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\epatapnt]
"ImagePath"="System32\Drivers\epatapnt.mpd"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\relog_ap.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(1272)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-29 19:07:13
ComboFix-quarantined-files.txt 2012-01-29 19:07
.
Pre-Run: 281,721,593,856 bytes free
Post-Run: 281,725,476,864 bytes free
.
- - End Of File - - 2521E7DA4CA0CF2833B62577DE32CC8A

#6 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 02:55 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTL.txt in your next reply.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   angelfire4xx 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 25-January 12
  • Gender:Male
  • Location:United Kingdom

Posted 29 January 2012 - 03:15 PM

Nearly forgot, on one of the occasions when I ran rkunhooker and tried to use the 'quick report' function, I managed to get an error log after the program crashed. Here it is.

Exception code : 0xC0000005
Instruction address : 0x004418DC
Attempt to write at address : 0x00000004

Next I will send the OTL report

#8 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 03:32 PM

Ok I will be waiting for the report


gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9 User is offline   angelfire4xx 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 25-January 12
  • Gender:Male
  • Location:United Kingdom

Posted 29 January 2012 - 03:42 PM

Hi, here it is

OTL logfile created on: 29/01/2012 20:19:35 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.04% Memory free
3.84 Gb Paging File | 2.97 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 262.33 Gb Free Space | 56.33% Space Free | Partition Type: NTFS

Computer Name: 0IGOTOZG63 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\IDrive\IDriveETray.exe (Pro Softnet Corp.)
PRC - C:\Program Files\IDrive\IDriveEBackground.exe (Pro-SoftNet Corp, U.S.A)
PRC - C:\Program Files\IDrive\IDriveWebM.exe ( Pro-Softnet)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - c:\Program Files\Arclab\MailList Controller\amlcSVC.exe (Arclab Software Technologies)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
PRC - C:\Program Files\TP-LINK\TWCU\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD)
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\htpatch.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\12012900\algo.dll ()
MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll ()
MOD - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll ()
MOD - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll ()
MOD - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\WINDOWS\system32\pdf995mon.dll ()
MOD - C:\Program Files\iolo\Common\Lib\Aquarius.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Common Files\Acronis\Common\rpc_client.dll ()
MOD - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
MOD - C:\Program Files\dBpowerAMP\dBShell.dll ()
MOD - C:\Program Files\NETGEAR\WG111v2\NWTools.dll ()
MOD - C:\WINDOWS\system32\acs.exe ()
MOD - C:\Program Files\NETGEAR\WG111v2\acAuth.dll ()
MOD - C:\WINDOWS\htpatch.exe ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (IDriveE Service) -- C:\Program Files\IDrive\IDriveE Service.exe (Pro Softnet Corporation)
SRV - (IDriveWebM) -- C:\Program Files\IDrive\IDriveWebM.exe ( Pro-Softnet)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (MailList Controller) -- c:\Program Files\Arclab\MailList Controller\amlcSVC.exe (Arclab Software Technologies)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Visual Studio Analyzer RPC bridge) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5523) -- C:\WINDOWS\system32\drivers\ar5523.sys (Atheros Communications, Inc.)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (hpt4qic) -- C:\WINDOWS\system32\drivers\hpt4qic.sys (Microsoft Corporation)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (IFP800) -- C:\WINDOWS\system32\drivers\ifp800.sys (iRiver, Inc.)
DRV - (IFP700) -- C:\WINDOWS\system32\drivers\ifp700.sys (iRiver, Inc.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (Intels51) Intel® -- C:\WINDOWS\system32\drivers\Intels51.sys (Intel Corporation)
DRV - (EUSBMSD) -- C:\WINDOWS\system32\drivers\EUSBMSD.SYS (SCM Microsystems Inc.)
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (CW50) -- C:\WINDOWS\system32\drivers\CW50.sys (CASIO COMPUTER CO.,LTD.)
DRV - (HITUMINI) -- C:\WINDOWS\system32\drivers\RDCUMINI.sys (American Megatrends, Inc.)
DRV - (HituMass) -- C:\WINDOWS\system32\drivers\RDCUMASS.sys (American Megatrends, Inc.)
DRV - (epatapnt) -- C:\WINDOWS\System32\Drivers\epatapnt.mpd (Shuttle Technology. )
DRV - (SHARSHTL) -- C:\WINDOWS\System32\Drivers\sharshtl.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 9D AE 47 0D DE CC 01 [binary data]
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/10/27 20:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/02/01 22:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010/12/31 16:18:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010/12/31 16:19:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/01/25 13:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 09:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 09:42:51 | 000,000,000 | ---D | M]

[2010/06/13 11:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/06/13 11:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/01/29 20:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions
[2010/04/28 17:07:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/03 08:46:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/12/18 11:51:07 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/08/30 10:09:51 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/12/28 17:19:57 | 000,000,000 | ---D | M] (RefControl) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2011/09/23 16:22:47 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2011/12/21 11:03:44 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/08/30 13:46:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/09 17:15:07 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/12/08 09:46:55 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/01/22 22:39:58 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2011/05/24 08:05:23 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/01/09 08:32:09 | 000,000,000 | ---D | M] (bit.ly preview) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\bitlypreview@jay.ridgeway
[2011/03/21 20:05:05 | 000,000,000 | ---D | M] ("Blank Canvas Signatures for Gmail ") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\gmail_sigs@blankcanvasweb.com
[2010/03/19 22:56:18 | 000,000,000 | ---D | M] (SEO Blogger) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\seo-blogger@wordtracker.com
[2011/06/21 21:30:30 | 000,000,000 | ---D | M] (SEO Doctor) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\seodoctor@prelovac.com
[2012/01/29 16:16:08 | 000,000,000 | ---D | M] (socialmonkee) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\sm@submitter.net
[2011/09/17 10:48:13 | 000,000,000 | ---D | M] (SortPlaces) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\sortplaces@andyhalford.com
[2011/10/31 09:40:53 | 000,000,000 | ---D | M] (Stealthy) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\stealthyextension@gmail.com
[2011/10/31 09:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\stealthyextension@gmail.com\chrome
[2009/05/31 13:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/27 20:37:31 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2009/10/27 20:37:32 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2009/10/27 20:37:32 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2008/02/27 16:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2009/08/09 00:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2009/08/09 00:30:36 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011/06/23 16:42:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/06/23 16:42:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/23 16:42:58 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/06/23 16:42:58 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/01/25 20:57:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TWCU\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1801674531-117609710-839522115-1004..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKU\S-1-5-21-1801674531-117609710-839522115-1004..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O15 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://shop.ebrary.com/support/plugins/ebraryRdr.cab (Infotl Control)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.truedoc.com/activex/tdserver.cab (TDServer Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {41695A8E-6414-11D4-8FB3-00D0B7730277} http://activex.microsoft.com/objects/ocget.dll (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (AccountTracking Profile Manager Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146667490500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37901.2256134259 (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} http://activex.microsoft.com/objects/ocget.dll (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} http://activex.microsoft.com/objects/ocget.dll (Reg Error: Key error.)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEB41B01-A73B-4A02-B6C6-351D23A4B011}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7683FB5-EED4-4E31-BDC3-8C41F6101A86}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 22:48:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 20:15:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/29 18:17:15 | 004,393,882 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/01/28 21:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\malware cleaning
[2012/01/28 18:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun
[2012/01/28 18:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/28 18:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/28 18:45:02 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/01/28 18:45:02 | 000,567,184 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/01/28 18:45:02 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/01/28 18:45:02 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/01/28 18:45:02 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/01/28 18:45:02 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/01/25 20:18:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/25 20:14:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/25 20:14:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/25 20:14:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/25 20:14:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/25 20:14:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/25 20:14:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/25 20:13:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2012/01/25 13:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/01/25 13:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/01/13 12:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\TaxCalc 2011
[2012/01/11 10:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Backlinks Report
[2012/01/10 12:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\WATER ORG POSTS
[2012/01/01 15:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\FURNITURE
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/29 20:16:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/29 19:54:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/29 19:22:39 | 000,437,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/29 19:22:39 | 000,069,536 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/29 19:15:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/29 18:26:16 | 004,393,882 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/01/29 16:54:01 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/29 16:43:17 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2012/01/29 11:35:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2012/01/29 10:13:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/28 19:36:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/28 18:44:44 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/01/28 18:44:44 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/01/28 18:44:44 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/01/28 18:44:44 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/01/28 18:44:43 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/01/28 18:44:41 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/01/28 11:09:35 | 000,020,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/27 19:40:08 | 000,000,648 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/01/27 19:39:56 | 000,008,006 | ---- | M] () -- C:\WINDOWS\qwshellx.ini
[2012/01/25 20:57:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/25 13:29:38 | 000,415,859 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/06 14:33:34 | 005,135,836 | ---- | M] (TweetAdder.com) -- C:\Documents and Settings\User\Desktop\tweetadder3.exe
[2012/01/06 11:51:24 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2012/01/06 11:51:16 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2012/01/06 11:29:06 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll
[2012/01/04 16:31:14 | 000,002,908 | ---- | M] () -- C:\Documents and Settings\User\Desktop\application-form-2012-01-04.csv
[2012/01/01 15:35:36 | 000,145,358 | ---- | M] () -- C:\Documents and Settings\User\Desktop\larynx.jpg
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/29 11:35:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2012/01/25 20:18:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/25 20:14:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/25 20:14:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/25 20:14:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/25 20:14:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/25 20:14:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/25 13:22:46 | 000,415,859 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/04 16:31:13 | 000,002,908 | ---- | C] () -- C:\Documents and Settings\User\Desktop\application-form-2012-01-04.csv
[2012/01/01 16:03:43 | 002,620,762 | ---- | C] () -- C:\Documents and Settings\User\Desktop\09 CaroMioBen.wma
[2012/01/01 15:35:32 | 000,145,358 | ---- | C] () -- C:\Documents and Settings\User\Desktop\larynx.jpg
[2011/11/30 15:42:24 | 000,007,219 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2011/11/30 15:16:52 | 000,000,417 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/11/30 15:16:51 | 000,001,112 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/11/06 11:43:03 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2010/12/14 12:55:16 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/04 15:21:18 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/04 15:21:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/04 15:21:15 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/04 15:21:15 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/04 15:21:15 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/21 12:18:55 | 000,026,032 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
[2010/08/21 12:18:54 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/01/15 20:26:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SmartAdWrapper.INI
[2009/12/12 16:54:27 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\˜113.›sys
[2009/10/23 16:57:24 | 019,247,104 | ---- | C] () -- C:\Documents and Settings\User\Application Data\TweetAdder
[2009/08/20 20:19:01 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/08/20 20:16:11 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/08/20 20:16:11 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/08/13 10:51:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/08/13 10:43:39 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/08/04 14:11:43 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/08/04 14:11:06 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/07/01 16:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2009/06/02 16:39:57 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/10 18:24:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/16 15:55:33 | 000,072,192 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2008/09/22 14:21:34 | 000,127,092 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/09/02 16:04:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BinCoder.dll
[2008/08/20 16:45:46 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2008/08/19 16:17:06 | 000,149,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2008/08/19 16:17:06 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\ar5523.bin
[2008/08/19 16:17:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/08/19 16:17:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2008/08/12 21:04:59 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\msblcd32.dll
[2008/05/11 09:39:05 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/03/14 19:16:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/03/14 19:14:35 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2008/03/14 19:11:38 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/07/30 08:10:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/07/21 14:07:12 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/07/21 14:07:12 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/07/21 14:07:12 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/07/21 14:07:12 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/07/21 14:07:12 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/07/21 14:07:12 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/07/21 14:07:12 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/07/21 14:07:12 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/07/21 14:07:12 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/07/21 14:07:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/21 14:07:11 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/07/21 14:07:11 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/07/21 14:07:11 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/07/21 14:07:11 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/07/21 14:07:11 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/07/21 14:07:11 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/07/21 14:07:11 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/07/21 14:07:11 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/07/21 14:07:11 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/07/21 14:02:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX6000EFDG.ini
[2007/03/27 18:38:22 | 000,045,056 | R--- | C] () -- C:\Program Files\SetAttrib.exe
[2007/03/12 12:12:52 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hasher.dll
[2006/10/01 09:55:14 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ebraryRdr.ini
[2006/06/17 18:09:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCPitchBenches
[2006/06/17 18:09:03 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCPitchScores
[2006/06/17 18:08:42 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCPrefs
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench5
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench4
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench3
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench2
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench1
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench0
[2006/06/08 22:05:59 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
[2006/05/04 13:24:00 | 000,036,593 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2006/05/03 14:13:06 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/05/03 14:12:30 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/04/26 14:36:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/04/26 14:36:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/04/26 14:36:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/04/26 14:36:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/04/26 14:36:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/04/26 14:36:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/04/20 22:06:43 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/04/11 12:30:55 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2006/02/28 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/15 13:41:47 | 000,001,089 | ---- | C] () -- C:\WINDOWS\atm.ini
[2005/12/27 18:16:30 | 000,000,180 | -H-- | C] () -- C:\WINDOWS\System32\einfopsv10.dll
[2005/11/16 12:01:53 | 000,002,936 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/13 13:19:56 | 000,099,970 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/11/13 13:19:31 | 000,003,445 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/11/13 13:04:19 | 000,000,315 | ---- | C] () -- C:\WINDOWS\System32\PCRVersion.ini
[2005/10/29 10:15:06 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/10/10 14:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/10/03 13:29:51 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2005/03/29 13:59:47 | 000,006,688 | ---- | C] () -- C:\WINDOWS\movexe.exe
[2005/02/23 13:59:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/25 17:34:42 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/12/25 17:34:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/15 10:40:34 | 000,000,062 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI
[2004/11/12 16:04:10 | 000,795,832 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2004/11/05 14:20:20 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2004/09/29 14:17:28 | 005,927,424 | ---- | C] () -- C:\WINDOWS\System32\Drs732.dll
[2004/09/14 18:36:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\lifeart.ini
[2004/08/30 14:25:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Application Data\dm.ini
[2004/05/22 08:18:43 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/05/02 17:50:19 | 000,126,464 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/27 09:31:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\SSB.ini
[2004/04/23 14:01:12 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\HANDLE.INI
[2004/03/08 13:24:47 | 000,011,036 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2004/03/07 22:23:27 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2004/02/17 10:22:27 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TyrannLite.dll
[2003/12/31 16:02:55 | 000,000,107 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2003/12/27 13:16:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2003/12/27 13:15:06 | 000,000,407 | ---- | C] () -- C:\WINDOWS\webpos20.ini
[2003/12/22 15:24:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\QVPC.INI
[2003/10/26 11:59:10 | 000,001,783 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/10/24 21:59:18 | 000,000,313 | ---- | C] () -- C:\WINDOWS\browsev2.ini
[2003/10/24 13:44:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xwsindex.exe
[2003/10/22 16:12:09 | 000,009,336 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).EML
[2003/10/22 09:26:08 | 000,008,006 | ---- | C] () -- C:\WINDOWS\qwshellx.ini
[2003/10/10 23:02:56 | 000,000,090 | ---- | C] () -- C:\WINDOWS\A5.INI
[2003/10/10 22:51:07 | 000,000,186 | ---- | C] () -- C:\WINDOWS\rtpatch.ini
[2003/10/10 22:48:43 | 000,003,433 | ---- | C] () -- C:\WINDOWS\WPR.INI
[2003/10/10 22:48:43 | 000,000,648 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/10 21:21:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/09 19:27:13 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2003/10/09 11:50:48 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2003/10/09 11:32:05 | 000,000,886 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/09 11:01:49 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003/10/07 12:44:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/10/07 11:57:59 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/07 11:57:01 | 000,939,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/10/07 11:18:45 | 000,000,154 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2003/10/07 11:18:45 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003/10/07 11:18:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003/10/07 11:18:35 | 000,237,568 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2003/10/07 11:18:35 | 000,212,992 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2003/10/07 11:18:35 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2003/10/07 11:16:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003/10/07 11:16:27 | 000,028,672 | R--- | C] () -- C:\WINDOWS\htpatch.exe
[2003/10/07 11:16:27 | 000,003,072 | R--- | C] () -- C:\WINDOWS\winio.sys
[2003/10/07 11:14:55 | 000,011,230 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003/10/07 11:14:55 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/10/07 11:12:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/07 11:08:15 | 000,024,208 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/09 13:40:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/04/09 13:40:14 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/04/09 13:40:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/04/09 13:40:00 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/03/09 20:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/11/04 03:09:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2002/11/04 03:09:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2002/09/02 15:45:30 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/08/29 12:00:00 | 000,437,004 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 12:00:00 | 000,069,536 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/06/06 01:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2002/03/31 13:26:54 | 000,000,514 | ---- | C] () -- C:\WINDOWS\ISYSKNOW.INI
[2001/07/31 11:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999/07/05 10:00:00 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/12/24 14:38:02 | 000,002,496 | ---- | C] () -- C:\WINDOWS\ISYS.INI
[1998/09/30 13:11:20 | 000,657,408 | ---- | C] () -- C:\WINDOWS\System32\ISYSU532.DLL
[1998/07/31 04:14:40 | 000,000,246 | ---- | C] () -- C:\WINDOWS\ISYSSQL.INI
[1998/06/09 23:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/17 23:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/01/12 08:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Windows Update.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\webpos20.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsccvid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapectrl.cfg:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SpoonUninstall.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pnpwhsc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwiz.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nvwrseng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nvsvc32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nvrseng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nview.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NvCpl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpzlnt07.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpotscl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsroute.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\serscan.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\HCF_MSFT.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\etc\services:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\etc\quotes:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvmcdb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cmuda.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dc210usd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dc210_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cmuda.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\cmicnfg.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SiSUSBrg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SiSport.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\msshlib2.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\mover.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\MDACSET.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\GRAPH5.XLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Forest.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\EXCEL5.XLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\DYNAZIP.LOG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Clouds.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Circles.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Bubbles.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\analyse.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\NoteWorthy Composer.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\Musicnotes Player.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\ntuser.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\My Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\xpsp1hfm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WPR.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPrx.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vminst.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\uninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsoc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tasks\Symantec NetDetect.job:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedon.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedoff.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zlib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xwsindex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp1hfm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WPWIZDLL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WNASPI32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvcore2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmv8dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpscheme.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wjview.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSOCK.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINDBVER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WEBPOST.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSEXT.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSDBFLEX.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vmhelper.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ven2232.olb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBDB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vbar332.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAR2232.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VB5StKit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VB5DB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VB40032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\udaprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TyrannLite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TLBINF32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\THREED32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tabctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TABCTL32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINFO.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINFO.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINFO.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stkit432.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SSTABS32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SSTAB.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SSDOCK32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLSODBC.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLPARSE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPIN32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shw32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SELFREG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCRRUN.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scripto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCRIPTLE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTX32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTX32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTEXT.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REPUTIL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGOBJ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RACREG32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RACMGR32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qvusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PUBDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\POSTWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PIPARSE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PICCLP32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PICCLIP.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgtextje.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgtextj_.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGTEXTJ_.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgtext.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGTEXT.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pgmus.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGMUS.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgjazz__.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pgjazz__.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgchords.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGCHORDS.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PDM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OUTLWAB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODKOB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OC30.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrszht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrszhc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrstr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsptb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrspt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsnl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsko.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsja.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrshu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrshe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsesm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrses.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrscs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvtuicpl.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvshell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrszht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrszhc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrstr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsptb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrspt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsnl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsko.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsja.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrshu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrshe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsesm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrses.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrscs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvoglnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvmctray.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvinstnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nviewimg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXBSE35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXB3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSWINSCK.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msvcrt10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msuni11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSTEXT35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msstkprp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSDM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSCRIPT.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSCRIPT.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRTEDIT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSREPL35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDC20.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDC20.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDC20.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrd2x35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRD2X32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPX3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPDOX35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSOUTL32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMASK32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMASK32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMASK.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMAPI32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMAPI32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMAPI.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSLTUS35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSLS2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjter35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJTER32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJT4JLT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJT3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msjint35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJINT32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjet35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjdbc10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjava.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisam11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSINET.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMUSIC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSHFLXGD.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSHFLXGD.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSHFLXGD.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSFLXGRD.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSFLXGRD.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSEXCL35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSEXCH35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBRPTR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBRPTR.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBRPT.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBRPT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBGEN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATREP.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATREP.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATREP.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATLST.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATLST.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATGRD.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATGRD.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATGRD.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMM32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMM32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMM.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMCTL.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMCTL.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMCT2.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMCT2.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCHRT20.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCHRT20.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCHRT20.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSBIND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSBIND.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msawt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSADODC.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSADODC.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mindex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MDT2FW95.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MDM.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCI32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCI32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCI.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapisvc.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MabryObj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lvkrn13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTWVC13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTWND13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltwen13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lttwn13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lttw213n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lttmb13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lttls13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTTLB13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltsgm13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTSCR13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTRTN13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltpnt13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltpdg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltlst13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltkrn13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltisi13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTIMG13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTFIL13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTEFX13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltdlg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTDIS13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTDic13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltcry13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTCON13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTCLR13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTAUT13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltann13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfxwd13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfXpm13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfXbm13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfwpg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfwmp13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lfwmf13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfwfx13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfvec13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lftif13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lftga13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFSMP13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfshp13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfsgi13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfsct13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfRaw13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfras13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFPTK13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpsd13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFPNM13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lfpng13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfplt13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpdf13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpcx13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lfpct13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfPCL13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpcd13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfmsp13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfmpg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfmac13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lflmb13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lflma13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfkodak.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfjbg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFJ2K13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfitg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfimg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfiff13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfica13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfgif13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfgbr13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffpx7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffpx13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfflc13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffax13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfeps13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfdxf13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfdwg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfdwf13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfdrw13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lfdgn13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfCUT13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFCMW13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFCMP13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfclp13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lfcgm13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfcal13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfbmp13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfawd13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfavi13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfani13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfAFP13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keystone.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jview.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jdbgmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javart.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JAVALE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaee.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javacypt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISYSU532.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISYSPDFL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISYSPDF3.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISYS532.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INLOADER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INETCTLS.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IMOCX32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IMGMAN31.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31WPG.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31WMF.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31TIF.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31TGA.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31PNG.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31PCX.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31PCD.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31JPG.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31IMG.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31FAX.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31EPS.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31DXF.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31BMP.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HTMUTIL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzcon07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzcoi07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HPZc3212.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HLP95EN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HANDLE.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxssend.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FTPx.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FTPx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FTPWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FPWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FPHttp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fnfilter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EXSEC32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMLCNS32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMDAZ32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dzgtactx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx3j.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRVVFP.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRVVFP.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SHARSHTL.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\protocol:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\networks:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\lmhosts.sam:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\EPATAPNT.MPD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ASUSHWIO.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ASPI32.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmcpl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DDAO36.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsvinn.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBMSSOCN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBLIST32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBLIST32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBLIST.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBGRID32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBGRID32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBGRID.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBADAPT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DATALIST.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CTVLST32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSPLST32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSLIST32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSFORM32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSCOMB32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSCMD32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CRSWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMMTB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMDLG32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCTL32.NU7:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCTL32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCTL2.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCTL.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCT332.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comct332.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCT332.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCT232.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCT232.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CMDIALOG.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clspack.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CIRAS.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\charmap.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\calc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\besched.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\besch.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BENTOFIO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Base64.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\azip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTPRX32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTMGR32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Audio3D.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asutl8.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ADODC.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ADIST5.PPD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\a3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WOWPOST.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WINASPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\vaspid.386:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\READMEHP.WRI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\QCTL3D.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\QCONNECT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PJAM.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PFEED.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PERROR.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PCOVER.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PCOMMERR.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PADDPAP.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5EO.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E4.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E3.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E1.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\FINSTALL.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\FINSTALL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CTL3DV2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CTL3D.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\cmswtape.386:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\cmids3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CmiCnfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ST4UNST.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ST4UNST.003:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ST4UNST.002:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ST4UNST.001:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ST4UNST.000:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SSB.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SKY32V3C.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SIS_LIB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuplog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setdebug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\rtpatch.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regopt.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\qwshellx.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\QVPC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\QUICKEN.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q828026.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q819696.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q817606.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q817287.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q815021.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q814033.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q811630.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q811493.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q810833.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q810577.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q810565.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q330994.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329834.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329441.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329390.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329170.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329115.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329048.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q328310.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q323255.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocmsn.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocgen.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msgsocm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ModemLog_Intel® Ham 5628 V.92 Modem.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\mdm.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB840374.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB837001.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB835732.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB828741.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB828035.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB828028.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB825119.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB824146.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB824141.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB824105.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB823980.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB823559.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB823182.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB821557.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB810217.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\JAUTOEXP.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\jautoexp.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ISYSSQL.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ISYSKNOW.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ISYS.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ISYS.GRP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\INTUIT.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iis6.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\IEPatchUninstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FASTWiz.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DUNZIP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DINSTALL.RC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dahotfix.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\COM+.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CMIUninstall.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CMISETUP.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CmiRmRedundDir.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CMIRmDriver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CMCDPLAY.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CDPlayer.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\browsev2.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\AWMODEM.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\A5.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\VIRTPART.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\msconfig.exe.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\My Documents\xxLogins.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Local Settings\Application Data\FASTWiz.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Desktop\zzTO-DO.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Desktop\Quicken 5.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Desktop\Alpha 5.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).EML:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\CONFIG.SYS:KAVICHS

< End of report >

#10 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 03:56 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O16 - DPF: {41695A8E-6414-11D4-8FB3-00D0B7730277} http://activex.microsoft.com/objects/ocget.dll (Reg Error: Key error.)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37901.2256134259 (Reg Error: Key error.)
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} http://activex.microsoft.com/objects/ocget.dll (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} http://activex.microsoft.com/objects/ocget.dll (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Windows Update.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\webpos20.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsccvid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapectrl.cfg:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SpoonUninstall.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pnpwhsc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwiz.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nvwrseng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nvsvc32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nvrseng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nview.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NvCpl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpzlnt07.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpotscl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsroute.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\serscan.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MODEMCSA.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\HCF_MSFT.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\etc\services:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\etc\quotes:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\drvmcdb.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cmuda.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dc210usd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dc210_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cmuda.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\cmicnfg.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SiSUSBrg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SiSport.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\msshlib2.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\mover.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\MDACSET.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\GRAPH5.XLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Forest.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\EXCEL5.XLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\DYNAZIP.LOG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Clouds.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Circles.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Bubbles.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\analyse.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\NoteWorthy Composer.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\Musicnotes Player.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\ntuser.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\My Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\User\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\xpsp1hfm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WPR.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WMSysPrx.prx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vminst.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\uninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tsoc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\tasks\Symantec NetDetect.job:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedon.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zonedoff.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\zlib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xwsindex.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp1hfm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WPWIZDLL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WNASPI32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvcore2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmv8dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpscheme.xml:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wjview.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINSOCK.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WINDBVER.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WEBPOST.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSEXT.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSDBFLEX.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vmhelper.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ven2232.olb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBDB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vbar332.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAR2232.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAME.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VB5StKit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VB5DB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VB40032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\udaprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TyrannLite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TLBINF32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\THREED32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tabctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TABCTL32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINFO.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINFO.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SYSINFO.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\stkit432.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SSTABS32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SSTAB.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SSDOCK32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLSODBC.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SQLPARSE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SPIN32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shw32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SELFREG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCRRUN.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scripto.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCRIPTLE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\SCP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTX32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTX32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RICHTEXT.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REPUTIL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\REGOBJ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RACREG32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RACMGR32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qvusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PUBDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\POSTWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PIPARSE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PICCLP32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PICCLIP.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgtextje.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgtextj_.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGTEXTJ_.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgtext.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGTEXT.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pgmus.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGMUS.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgjazz__.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pgjazz__.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Pgchords.ttf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PGCHORDS.FOT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PDM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OUTLWAB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODKOB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OC30.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrszht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrszhc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrstr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsptb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrspt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsnl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsko.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsja.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrshu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrshe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsesm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrses.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrscs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvtuicpl.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvshell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrszht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrszhc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrstr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsptb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrspt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsnl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsko.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsja.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrshu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrshe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsesm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrses.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrscs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvoglnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvmctray.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvinstnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nviewimg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXBSE35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSXB3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSWINSCK.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msvcrt10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msuni11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSTEXT35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msstkprp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSDM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSCRIPT.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSCRIPT.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRTEDIT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSREPL35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDC20.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDC20.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDC20.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrd2x35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRD2X32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPX3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSPDOX35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSOUTL32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMASK32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMASK32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMASK.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMAPI32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMAPI32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSMAPI.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSLTUS35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSLS2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjter35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJTER32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJT4JLT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJT3032.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Msjint35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSJINT32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjet35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjdbc10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjava.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisam11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSINET.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMUSIC.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT16.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSIMRT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSHFLXGD.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSHFLXGD.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSHFLXGD.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSFLXGRD.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSFLXGRD.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSEXCL35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSEXCH35.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBRPTR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBRPTR.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBRPT.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBRPT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBGEN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDBG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATREP.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATREP.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATREP.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATLST.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATLST.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATGRD.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATGRD.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSDATGRD.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMM32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMM32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMM.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMCTL.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMCTL.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMCT2.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCOMCT2.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCHRT20.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCHRT20.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCHRT20.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSCAL.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSBIND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSBIND.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msawt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSADODC.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSADODC.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mindex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MDT2FW95.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MDM.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCI32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCI32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MCI.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapisvc.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MabryObj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lvkrn13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTWVC13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTWND13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltwen13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lttwn13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lttw213n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lttmb13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lttls13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTTLB13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltsgm13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTSCR13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTRTN13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Ltpnt13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltpdg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltlst13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltkrn13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltisi13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTIMG13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTFIL13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTEFX13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltdlg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTDIS13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTDic13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltcry13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTCON13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTCLR13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LTAUT13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ltann13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfxwd13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfXpm13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfXbm13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfwpg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfwmp13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lfwmf13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfwfx13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfvec13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lftif13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lftga13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFSMP13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfshp13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfsgi13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfsct13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfRaw13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfras13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFPTK13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpsd13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFPNM13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lfpng13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfplt13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpdf13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpcx13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lfpct13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfPCL13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfpcd13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfmsp13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfmpg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfmac13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lflmb13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lflma13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfkodak.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfjbg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFJ2K13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfitg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfimg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfiff13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfica13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfgif13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfgbr13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffpx7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffpx13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfflc13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lffax13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfeps13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfdxf13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfdwg13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfdwf13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfdrw13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lfdgn13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfCUT13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFCMW13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\LFCMP13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfclp13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Lfcgm13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfcal13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfbmp13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfawd13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfavi13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfani13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lfAFP13n.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keystone.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jview.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jdbgmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javart.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JAVALE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaee.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javacypt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISYSU532.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISYSPDFL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISYSPDF3.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ISYS532.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INLOADER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INETCTLS.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IMOCX32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IMGMAN31.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31WPG.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31WMF.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31TIF.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31TGA.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31PNG.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31PCX.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31PCD.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31JPG.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31IMG.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31FAX.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31EPS.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31DXF.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IM31BMP.DIL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HTMUTIL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzcon07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzcoi07.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HPZc3212.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HLP95EN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HANDLE.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxssend.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FTPx.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FTPx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FTPWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FPWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FPHttp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fnfilter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EXSEC32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMLCNS32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EMDAZ32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dzgtactx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx3j.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRVVFP.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRVVFP.CNT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SHARSHTL.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\protocol:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\networks:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\lmhosts.sam:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\EPATAPNT.MPD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ASUSHWIO.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ASPI32.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmcpl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DDAO36.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsvinn.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBMSSOCN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBLIST32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBLIST32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBLIST.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBGRID32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBGRID32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBGRID.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DBADAPT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DATALIST.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CTVLST32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSPLST32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSLIST32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSFORM32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSCOMB32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CSCMD32.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CRSWPP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMMTB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMDLG32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCTL32.NU7:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCTL32.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCTL2.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCTL.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCT332.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comct332.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCT332.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCT232.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMCT232.DEP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CMDIALOG.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clspack.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CIRAS.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\charmap.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\calc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\besched.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\besch.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BENTOFIO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Base64.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\azip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTPRX32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTMGR32.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Audio3D.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asutl8.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ADODC.SRG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ADIST5.PPD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\a3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WOWPOST.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WINASPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\vaspid.386:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\READMEHP.WRI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\QCTL3D.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\QCONNECT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PJAM.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PFEED.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PERROR.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PCOVER.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PCOMMERR.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\PADDPAP.WAV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5EO.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E4.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E3.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E1.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\HPPCL5E.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\FINSTALL.HLP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\FINSTALL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CTL3DV2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CTL3D.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\cmswtape.386:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\cmids3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CmiCnfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ST4UNST.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ST4UNST.003:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ST4UNST.002:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ST4UNST.001:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ST4UNST.000:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SSB.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SKY32V3C.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SIS_LIB.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuplog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setdebug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\rtpatch.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regopt.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\qwshellx.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\QVPC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\QUICKEN.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q828026.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q819696.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q817606.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q817287.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q815021.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q814033.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q811630.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q811493.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q810833.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q810577.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q810565.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q330994.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329834.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329441.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329390.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329170.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329115.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q329048.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q328310.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q323255.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocmsn.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocgen.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msgsocm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ModemLog_Intel® Ham 5628 V.92 Modem.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\mdm.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB840374.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB837001.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB835732.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB828741.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB828035.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB828028.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB825119.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB824146.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB824141.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB824105.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB823980.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB823559.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB823182.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB821557.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB810217.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\JAUTOEXP.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\jautoexp.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ISYSSQL.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ISYSKNOW.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ISYS.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ISYS.GRP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\INTUIT.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iis6.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\IEPatchUninstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FASTWiz.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DUNZIP32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DINSTALL.RC:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dahotfix.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\COM+.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CMIUninstall.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CMISETUP.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CmiRmRedundDir.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CMIRmDriver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CMCDPLAY.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CDPlayer.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\browsev2.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\AWMODEM.INF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\A5.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\VIRTPART.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\msconfig.exe.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\My Documents\xxLogins.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Local Settings\Application Data\FASTWiz.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Desktop\zzTO-DO.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Desktop\Quicken 5.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Desktop\Alpha 5.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).EML:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\CONFIG.SYS:KAVICHS
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/10/27 20:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/02/01 22:12:47 | 000,000,000 | ---D | M]
[2009/10/27 20:37:31 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2009/10/27 20:37:32 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2009/10/27 20:37:32 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2009/12/12 16:54:27 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\˜113.›sys

  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


Let me know How things are doing

Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11 User is offline   angelfire4xx 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 25-January 12
  • Gender:Male
  • Location:United Kingdom

Posted 29 January 2012 - 04:22 PM

I wish I could say it worked. Sadly... no. (I did also clear the cache in Firefox.)

Here's the log

========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-117609710-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Starting removal of ActiveX control {41695A8E-6414-11D4-8FB3-00D0B7730277}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41695A8E-6414-11D4-8FB3-00D0B7730277}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41695A8E-6414-11D4-8FB3-00D0B7730277}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41695A8E-6414-11D4-8FB3-00D0B7730277}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41695A8E-6414-11D4-8FB3-00D0B7730277}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41695A8E-6414-11D4-8FB3-00D0B7730277}\ not found.
Starting removal of ActiveX control {6BEA1C48-1850-486C-8F58-C7354BA3165E}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6BEA1C48-1850-486C-8F58-C7354BA3165E}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6BEA1C48-1850-486C-8F58-C7354BA3165E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BEA1C48-1850-486C-8F58-C7354BA3165E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BEA1C48-1850-486C-8F58-C7354BA3165E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BEA1C48-1850-486C-8F58-C7354BA3165E}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {AA218328-0EA8-4D70-8972-E987A9190FF4}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AA218328-0EA8-4D70-8972-E987A9190FF4}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA218328-0EA8-4D70-8972-E987A9190FF4}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {DA4F543C-C8A9-4E88-9A79-548CBB46F18F}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA4F543C-C8A9-4E88-9A79-548CBB46F18F}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA4F543C-C8A9-4E88-9A79-548CBB46F18F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA4F543C-C8A9-4E88-9A79-548CBB46F18F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DA4F543C-C8A9-4E88-9A79-548CBB46F18F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA4F543C-C8A9-4E88-9A79-548CBB46F18F}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
ADS C:\WINDOWS\winnt256.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\winnt.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Windows Update.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\webpos20.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wpa.dbl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsccvid.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tapectrl.cfg:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SpoonUninstall.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pnpwhsc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nwiz.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrseng.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvsvc32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrseng.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nview.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\NvCpl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msg723.acm:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mapi32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\javasup.vxd:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzlnt07.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpotscl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxsroute.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\serscan.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\MODEMCSA.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\HCF_MSFT.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\etc\services:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\etc\quotes:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\drvmcdb.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\cmuda.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dc210usd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dc210_32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cmuda.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\cmicnfg.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\SiSUSBrg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\SiSport.sys:KAVICHS deleted successfully.
ADS C:\WINDOWS\msshlib2.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\mover.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\MDACSET.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\GRAPH5.XLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\Forest.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\EXCEL5.XLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\DYNAZIP.LOG:KAVICHS deleted successfully.
ADS C:\WINDOWS\Clouds.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Circles.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Bubbles.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\analyse.log:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Start Menu\Programs\NoteWorthy Composer.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Start Menu\Programs\Musicnotes Player.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Start Menu\Programs\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\ntuser.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\My Documents\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Application Data\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Documents\desktop.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\Zapotec.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\xpsp1hfm.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\WPR.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\WMSysPrx.prx:KAVICHS deleted successfully.
ADS C:\WINDOWS\wiaservc.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\vminst.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\vbaddin.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\vb.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\uninst.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\tsoc.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\tasks\Symantec NetDetect.job:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\zonedon.reg:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\zonedoff.reg:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\zlib.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\xwsindex.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\xpsp1hfm.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\write.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WPWIZDLL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WNASPI32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmvdmoe.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmvcore2.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmv8dmod.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpstub.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmpscheme.xml:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmimgmt.msc:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wmidx.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\wjview.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINSOCK.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WINDBVER.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\winchat.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\WEBPOST.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VSEXT.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VSDBFLEX.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vmhelper.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vfpodbc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ven2232.olb:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBDB32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\vbar332.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAR2232.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAME.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VBAEN32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VB5StKit.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VB5DB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\VB40032.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\usrlogon.cmd:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\udaprop.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TyrannLite.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsshutdn.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tslabels.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tslabels.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tskill.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tsdiscon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tscon.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TLBINF32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\THREED32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\tabctl32.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\TABCTL32.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SYSINFO.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SYSINFO.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SYSINFO.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\subrange.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\stkit432.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SSTABS32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SSTAB.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SSDOCK32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SQLSODBC.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SQLPARSE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SPIN32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\sndvol32.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shw32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shiftjis.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\shadow.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SELFREG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SCRRUN.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\scripto.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SCRIPTLE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\SCP32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rwinsta.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RICHTX32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RICHTX32.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RICHTEXT.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\reset.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\REPUTIL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\REGOBJ.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\regini.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RACREG32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\RACMGR32.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qwinsta.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qvusd.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\qappsrv.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PUBDLG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\POSTWPP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PIPARSE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PICCLP32.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PICCLIP.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Pgtextje.ttf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Pgtextj_.ttf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PGTEXTJ_.FOT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Pgtext.ttf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PGTEXT.FOT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pgmus.ttf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PGMUS.FOT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Pgjazz__.ttf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\pgjazz__.FOT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Pgchords.ttf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PGCHORDS.FOT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\PDM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OUTLWAB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ODKOB32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\OC30.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrszht.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrszhc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrstr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrssv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrssl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrssk.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsru.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsptb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrspt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrspl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsno.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsnl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsko.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsja.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsit.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrshu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrshe.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsfr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsfi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsesm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrses.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsel.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsde.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsda.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrscs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvwrsar.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvtuicpl.cpl:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvshell.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrszht.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrszhc.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrstr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrssv.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrssl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrssk.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsru.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsptb.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrspt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrspl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsno.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsnl.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsko.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsja.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsit.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrshu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrshe.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsfr.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsfi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsesm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrses.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsel.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsde.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsda.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrscs.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvrsar.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvoglnt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvmctray.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nvinstnt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nviewimg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.tha:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.sve:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.nld:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.ita:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.fra:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.esn:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.enu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.eng:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.deu:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\noise.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msxml4r.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSXBSE35.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSXB3032.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSWINSCK.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Msvcrt10.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msuni11.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSTEXT35.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msstkprp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSSDM.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSSCRIPT.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSSCRIPT.CNT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRTEDIT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSREPL35.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRDO20.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRDO20.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRDC20.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRDC20.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRDC20.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msrd2x35.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSRD2X32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSPX3032.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSPDOX35.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSOUTL32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSMASK32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSMASK32.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSMASK.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSMAPI32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSMAPI32.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSMAPI.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSLTUS35.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSLS2.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msjter35.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSJTER32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSJT4JLT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSJT3032.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Msjint35.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSJINT32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msjet35.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msjdbc10.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msjava.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msisam11.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSINET.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSIMUSIC.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSIMRT32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSIMRT16.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSIMRT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSHFLXGD.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSHFLXGD.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSHFLXGD.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msg.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSFLXGRD.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSFLXGRD.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSEXCL35.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSEXCH35.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msdtcprf.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msdtcprf.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDBRPTR.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDBRPTR.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDBRPT.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDBRPT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDBGEN.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDBG.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDATREP.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDATREP.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDATREP.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDATLST.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDATLST.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDATGRD.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDATGRD.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSDATGRD.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCOMM32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCOMM32.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCOMM.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCOMCTL.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCOMCTL.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCOMCT2.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCOMCT2.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCHRT20.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCHRT20.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCHRT20.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCAL.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCAL.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCAL.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSCAL.CNT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSBIND.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSBIND.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\msawt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSADODC.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MSADODC.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mindex.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MDT2FW95.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MDM.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCI32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCI32.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MCI.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\mapisvc.inf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MAPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\MabryObj.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Lvkrn13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTWVC13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTWND13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ltwen13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lttwn13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lttw213n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lttmb13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lttls13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTTLB13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Ltsgm13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTSCR13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTRTN13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Ltpnt13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ltpdg13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ltlst13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ltkrn13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ltisi13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTIMG13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTFIL13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTEFX13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ltdlg13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTDIS13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTDic13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ltcry13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTCON13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTCLR13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LTAUT13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ltann13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\logoff.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfxwd13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfXpm13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfXbm13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfwpg13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfwmp13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Lfwmf13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfwfx13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfvec13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lftif13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lftga13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LFSMP13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfshp13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfsgi13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfsct13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfRaw13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfras13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LFPTK13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfpsd13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LFPNM13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Lfpng13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfplt13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfpdf13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfpcx13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Lfpct13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfPCL13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfpcd13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfmsp13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfmpg13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfmac13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lflmb13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lflma13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfkodak.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfjbg13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LFJ2K13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfitg13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfimg13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfiff13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfica13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfgif13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfgbr13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lffpx7.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lffpx13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfflc13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lffax13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfeps13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfdxf13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfdwg13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfdwf13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfdrw13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Lfdgn13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfCUT13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LFCMW13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\LFCMP13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfclp13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Lfcgm13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfcal13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfbmp13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfawd13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfavi13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfani13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\lfAFP13n.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\korean.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\keystone.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kanji_2.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\kanji_1.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jview.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jit.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\jdbgmgr.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\javart.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\javaprxy.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\JAVALE.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\javaee.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\javacypt.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ISYSU532.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ISYSPDFL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ISYSPDF3.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ISYS532.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\INLOADER.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\INETCTLS.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IMOCX32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IMGMAN31.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31WPG.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31WMF.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31TIF.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31TGA.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31PNG.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31PCX.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31PCD.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31JPG.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31IMG.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31FAX.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31EPS.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31DXF.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\IM31BMP.DIL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ideograf.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\icfgnt5.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\HTMUTIL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hticons.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzcon07.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\hpzcoi07.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\HPZc3212.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\HLP95EN.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\HANDLE.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\getuname.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\gb2312.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxssend.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxsperf.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxscount.h:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxsclntR.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FTPx.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FTPx.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FTPWPP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FPWPP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FPHttp.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\fnfilter.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\FM20.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EXSEC32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EqnClass.Dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\emptyregdb.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EMLCNS32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\EMDAZ32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dzgtactx.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dx3j.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DRVVFP.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DRVVFP.CNT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\SHARSHTL.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\etc\protocol:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\etc\networks:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\etc\lmhosts.sam:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\EPATAPNT.MPD:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ASUSHWIO.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\drivers\ASPI32.SYS:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dmcpl.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DDAO36.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dbmsvinn.dLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DBMSSOCN.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DBLIST32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DBLIST32.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DBLIST.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DBGRID32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DBGRID32.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DBGRID.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DBADAPT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\DATALIST.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CTVLST32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CSPLST32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CSLIST32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CSFORM32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CSCOMB32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CSCMD32.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CRSWPP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMMTB32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMDLG32.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comctl32.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMCTL32.NU7:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMCTL32.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMCTL2.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMCTL.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMCT332.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\comct332.ocx:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMCT332.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMCT232.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\COMCT232.DEP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CMDIALOG.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\clspack.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\CIRAS.OCX:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\charmap.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\cdmodem.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\calc.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\bopomofo.uce:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\besched.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\besch.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\BENTOFIO.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Base64.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\azip32.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avwav.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avtapi.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\avmeter.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AUTPRX32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\AUTMGR32.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\Audio3D.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atrace.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\atl70.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\asutl8.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ADODC.SRG:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\ADIST5.PPD:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\acctres.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System32\a3d.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\WOWPOST.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\WINASPI.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\WFWNET.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\VGA.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\vaspid.386:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\TIMER.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SYSTEM.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\SOUND.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\setup.inf:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\READMEHP.WRI:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\QCTL3D.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\QCONNECT.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\PJAM.WAV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\PFEED.WAV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\PERROR.WAV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\PCOVER.WAV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\PCOMMERR.WAV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\PADDPAP.WAV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\MOUSE.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\HPPCL5EO.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\HPPCL5E4.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\HPPCL5E3.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\HPPCL5E2.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\HPPCL5E1.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\HPPCL5E.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\HPPCL5E.DRV:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\FINSTALL.HLP:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\FINSTALL.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\CTL3DV2.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\CTL3D.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\cmswtape.386:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\cmids3d.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\CmiCnfg.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\System\AVICAP.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\ST4UNST.EXE:KAVICHS deleted successfully.
ADS C:\WINDOWS\ST4UNST.003:KAVICHS deleted successfully.
ADS C:\WINDOWS\ST4UNST.002:KAVICHS deleted successfully.
ADS C:\WINDOWS\ST4UNST.001:KAVICHS deleted successfully.
ADS C:\WINDOWS\ST4UNST.000:KAVICHS deleted successfully.
ADS C:\WINDOWS\SSB.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\Soap Bubbles.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\SKY32V3C.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\SIS_LIB.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\setuplog.txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\setupact.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\setdebug.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\sessmgr.setup.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\SchedLgU.Txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\rtpatch.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\River Sumida.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Rhododendron.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\regopt.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\qwshellx.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\QVPC.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\QUICKEN.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q828026.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q819696.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q817606.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q817287.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q815021.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q814033.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q811630.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q811493.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q810833.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q810577.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q810565.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q330994.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q329834.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q329441.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q329390.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q329170.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q329115.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q329048.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q328310.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Q323255.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Prairie Wind.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\OEWABLog.txt:KAVICHS deleted successfully.
ADS C:\WINDOWS\ODBCINST.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\ODBC.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\ocmsn.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\ocgen.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\ntdtcsetup.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\nsreg.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\msgsocm.log:KAVICHS deleted successfully.
Unable to delete ADS C:\WINDOWS\ModemLog_Intel® Ham 5628 V.92 Modem.txt:KAVICHS .
ADS C:\WINDOWS\mdm.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB840374.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB837001.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB835732.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB828741.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB828035.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB828028.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB825119.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB824146.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB824141.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB824105.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB823980.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB823559.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB823182.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB821557.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\KB810217.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\JAUTOEXP.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\jautoexp.dat:KAVICHS deleted successfully.
ADS C:\WINDOWS\ISYSSQL.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\ISYSKNOW.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\ISYS.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\ISYS.GRP:KAVICHS deleted successfully.
ADS C:\WINDOWS\INTUIT.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\iis6.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\IEPatchUninstall.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Greenstone.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\Gone Fishing.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\FeatherTexture.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\FaxSetup.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\FASTWiz.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\DUNZIP32.DLL:KAVICHS deleted successfully.
ADS C:\WINDOWS\DtcInstall.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\DINSTALL.RC:KAVICHS deleted successfully.
ADS C:\WINDOWS\dahotfix.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\COM+.log:KAVICHS deleted successfully.
ADS C:\WINDOWS\Coffee Bean.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\CMIUninstall.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\CMISETUP.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\CmiRmRedundDir.exe:KAVICHS deleted successfully.
ADS C:\WINDOWS\CMIRmDriver.dll:KAVICHS deleted successfully.
ADS C:\WINDOWS\CMCDPLAY.INI:KAVICHS deleted successfully.
ADS C:\WINDOWS\CDPlayer.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\browsev2.ini:KAVICHS deleted successfully.
ADS C:\WINDOWS\Blue Lace 16.bmp:KAVICHS deleted successfully.
ADS C:\WINDOWS\AWMODEM.INF:KAVICHS deleted successfully.
ADS C:\WINDOWS\A5.INI:KAVICHS deleted successfully.
ADS C:\VIRTPART.DAT:KAVICHS deleted successfully.
ADS C:\msconfig.exe.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\My Documents\xxLogins.doc:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Local Settings\Application Data\FASTWiz.log:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Desktop\zzTO-DO.txt:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Desktop\Quicken 5.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Desktop\Alpha 5.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).EML:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk:KAVICHS deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\hpzinstall.log:KAVICHS deleted successfully.
ADS C:\CONFIG.SYS:KAVICHS deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components not found.
File HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins not found.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\platform\WINNT_x86-msvc\components folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\platform\WINNT_x86-msvc folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\platform folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\chrome\content folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\chrome folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\platform\WINNT_x86-msvc\components folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\platform\WINNT_x86-msvc folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\platform folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\chrome\content folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\chrome folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\platform\WINNT_x86-msvc\components folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\platform\WINNT_x86-msvc folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\platform folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\chrome\content folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\chrome folder moved successfully.
C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM folder moved successfully.
C:\Documents and Settings\All Users\Application Data\˜113.›sys moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 01292012_210645

This post has been edited by angelfire4xx: 29 January 2012 - 04:24 PM

#12 User is offline   angelfire4xx 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 25-January 12
  • Gender:Male
  • Location:United Kingdom

Posted 29 January 2012 - 07:43 PM

I'm concerned that RKUnHooker kept shutting down. Should I try to run it again? I don't want to do anything like that unless you say it's ok.

#13 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 08:05 PM

Hello

don't worry about RKUnhooker as those type of scans can be very touchy as they go deep into the system - most likely the antivirus was interfering

if I am reading things correctly you arte having problems with only one web site

I would like to get a new OTL scan


gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#14 User is offline   angelfire4xx 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 25-January 12
  • Gender:Male
  • Location:United Kingdom

Posted 30 January 2012 - 04:55 AM

Hi, here is new OTL scan.
Yes, it's only one website that I know of. I maybe should tell you that when I try to access the site, in the status bar at bottom left the message 'looking up ezinearticles.com' changes very briefly to a bit.ly address before the 404 error appears. This only happens the first time I enter the address after booting up the PC.
Thanks for your help

OTL logfile created on: 30/01/2012 09:13:51 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.97% Memory free
3.84 Gb Paging File | 3.11 Gb Available in Paging File | 81.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 262.02 Gb Free Space | 56.27% Space Free | Partition Type: NTFS

Computer Name: 0IGOTOZG63 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\IDrive\IDriveETray.exe (Pro Softnet Corp.)
PRC - C:\Program Files\IDrive\IDriveEBackground.exe (Pro-SoftNet Corp, U.S.A)
PRC - C:\Program Files\IDrive\IDriveWebM.exe ( Pro-Softnet)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - c:\Program Files\Arclab\MailList Controller\amlcSVC.exe (Arclab Software Technologies)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
PRC - C:\Program Files\TP-LINK\TWCU\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD)
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\htpatch.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\12013000\algo.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\defs\12012900\algo.dll ()
MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll ()
MOD - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll ()
MOD - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\WINDOWS\system32\pdf995mon.dll ()
MOD - C:\Program Files\iolo\Common\Lib\Aquarius.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Common Files\Acronis\Common\rpc_client.dll ()
MOD - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
MOD - C:\Program Files\dBpowerAMP\dBShell.dll ()
MOD - C:\Program Files\NETGEAR\WG111v2\NWTools.dll ()
MOD - C:\WINDOWS\system32\acs.exe ()
MOD - C:\Program Files\NETGEAR\WG111v2\acAuth.dll ()
MOD - C:\WINDOWS\htpatch.exe ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (IDriveE Service) -- C:\Program Files\IDrive\IDriveE Service.exe (Pro Softnet Corporation)
SRV - (IDriveWebM) -- C:\Program Files\IDrive\IDriveWebM.exe ( Pro-Softnet)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (MailList Controller) -- c:\Program Files\Arclab\MailList Controller\amlcSVC.exe (Arclab Software Technologies)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Visual Studio Analyzer RPC bridge) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5523) -- C:\WINDOWS\system32\drivers\ar5523.sys (Atheros Communications, Inc.)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (hpt4qic) -- C:\WINDOWS\system32\drivers\hpt4qic.sys (Microsoft Corporation)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (IFP800) -- C:\WINDOWS\system32\drivers\ifp800.sys (iRiver, Inc.)
DRV - (IFP700) -- C:\WINDOWS\system32\drivers\ifp700.sys (iRiver, Inc.)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (Intels51) Intel® -- C:\WINDOWS\system32\drivers\Intels51.sys (Intel Corporation)
DRV - (EUSBMSD) -- C:\WINDOWS\system32\drivers\EUSBMSD.SYS (SCM Microsystems Inc.)
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (CW50) -- C:\WINDOWS\system32\drivers\CW50.sys (CASIO COMPUTER CO.,LTD.)
DRV - (HITUMINI) -- C:\WINDOWS\system32\drivers\RDCUMINI.sys (American Megatrends, Inc.)
DRV - (HituMass) -- C:\WINDOWS\system32\drivers\RDCUMASS.sys (American Megatrends, Inc.)
DRV - (epatapnt) -- C:\WINDOWS\System32\Drivers\epatapnt.mpd (Shuttle Technology. )
DRV - (SHARSHTL) -- C:\WINDOWS\System32\Drivers\sharshtl.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 9D AE 47 0D DE CC 01 [binary data]
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-117609710-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/10/27 20:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/02/01 22:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010/12/31 16:18:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010/12/31 16:19:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/01/25 13:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 09:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 09:42:51 | 000,000,000 | ---D | M]

[2010/06/13 11:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/06/13 11:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/01/29 20:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions
[2010/04/28 17:07:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/03 08:46:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/12/18 11:51:07 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/08/30 10:09:51 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/12/28 17:19:57 | 000,000,000 | ---D | M] (RefControl) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2011/09/23 16:22:47 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2011/12/21 11:03:44 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/08/30 13:46:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/09 17:15:07 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/12/08 09:46:55 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/01/22 22:39:58 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2011/05/24 08:05:23 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/01/09 08:32:09 | 000,000,000 | ---D | M] (bit.ly preview) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\bitlypreview@jay.ridgeway
[2011/03/21 20:05:05 | 000,000,000 | ---D | M] ("Blank Canvas Signatures for Gmail ") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\gmail_sigs@blankcanvasweb.com
[2010/03/19 22:56:18 | 000,000,000 | ---D | M] (SEO Blogger) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\seo-blogger@wordtracker.com
[2011/06/21 21:30:30 | 000,000,000 | ---D | M] (SEO Doctor) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\seodoctor@prelovac.com
[2012/01/29 16:16:08 | 000,000,000 | ---D | M] (socialmonkee) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\sm@submitter.net
[2011/09/17 10:48:13 | 000,000,000 | ---D | M] (SortPlaces) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\sortplaces@andyhalford.com
[2011/10/31 09:40:53 | 000,000,000 | ---D | M] (Stealthy) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\stealthyextension@gmail.com
[2011/10/31 09:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7q7rrwgl.default\extensions\stealthyextension@gmail.com\chrome
[2009/05/31 13:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
File not found (No name found) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
File not found (No name found) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2008/02/27 16:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2009/08/09 00:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2009/08/09 00:30:36 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011/06/23 16:42:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/06/23 16:42:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/23 16:42:58 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/06/23 16:42:58 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/01/25 20:57:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TWCU\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1801674531-117609710-839522115-1004..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKU\S-1-5-21-1801674531-117609710-839522115-1004..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O15 - HKU\S-1-5-21-1801674531-117609710-839522115-1004\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://shop.ebrary.com/support/plugins/ebraryRdr.cab (Infotl Control)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.truedoc.com/activex/tdserver.cab (TDServer Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (AccountTracking Profile Manager Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146667490500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEB41B01-A73B-4A02-B6C6-351D23A4B011}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7683FB5-EED4-4E31-BDC3-8C41F6101A86}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 22:48:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 21:06:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/29 20:15:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/29 18:17:15 | 004,393,882 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/01/28 21:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\malware cleaning
[2012/01/28 18:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun
[2012/01/28 18:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/28 18:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/28 18:45:02 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/01/28 18:45:02 | 000,567,184 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/01/28 18:45:02 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/01/28 18:45:02 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/01/28 18:45:02 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/01/28 18:45:02 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/01/25 20:18:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/25 20:14:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/25 20:14:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/25 20:14:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/25 20:14:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/25 20:14:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/25 20:14:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/25 20:13:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2012/01/25 13:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/01/25 13:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/01/13 12:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\TaxCalc 2011
[2012/01/11 10:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Backlinks Report
[2012/01/10 12:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\WATER ORG POSTS
[2012/01/01 15:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\FURNITURE
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 09:00:30 | 000,437,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/30 09:00:30 | 000,069,536 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/30 08:53:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/29 21:54:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/29 20:43:18 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2012/01/29 20:16:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/29 18:26:16 | 004,393,882 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/01/29 16:54:01 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/29 11:35:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2012/01/29 10:13:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/28 19:36:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/28 18:44:44 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/01/28 18:44:44 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/01/28 18:44:44 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/01/28 18:44:44 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/01/28 18:44:43 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/01/28 18:44:41 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/01/28 11:09:35 | 000,020,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/27 19:40:08 | 000,000,648 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/01/27 19:39:56 | 000,008,006 | ---- | M] () -- C:\WINDOWS\qwshellx.ini
[2012/01/25 20:57:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/25 13:29:38 | 000,415,859 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/06 14:33:34 | 005,135,836 | ---- | M] (TweetAdder.com) -- C:\Documents and Settings\User\Desktop\tweetadder3.exe
[2012/01/06 11:51:24 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2012/01/06 11:51:16 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2012/01/06 11:29:06 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll
[2012/01/04 16:31:14 | 000,002,908 | ---- | M] () -- C:\Documents and Settings\User\Desktop\application-form-2012-01-04.csv
[2012/01/01 15:35:36 | 000,145,358 | ---- | M] () -- C:\Documents and Settings\User\Desktop\larynx.jpg
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/29 11:35:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2012/01/25 20:18:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/25 20:14:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/25 20:14:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/25 20:14:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/25 20:14:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/25 20:14:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/25 13:22:46 | 000,415,859 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/04 16:31:13 | 000,002,908 | ---- | C] () -- C:\Documents and Settings\User\Desktop\application-form-2012-01-04.csv
[2012/01/01 16:03:43 | 002,620,762 | ---- | C] () -- C:\Documents and Settings\User\Desktop\09 CaroMioBen.wma
[2012/01/01 15:35:32 | 000,145,358 | ---- | C] () -- C:\Documents and Settings\User\Desktop\larynx.jpg
[2011/11/30 15:42:24 | 000,007,219 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2011/11/30 15:16:52 | 000,000,417 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/11/30 15:16:51 | 000,001,112 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/11/06 11:43:03 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2010/12/14 12:55:16 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/04 15:21:18 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/04 15:21:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/04 15:21:15 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/09/04 15:21:15 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/09/04 15:21:15 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/21 12:18:55 | 000,026,032 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
[2010/08/21 12:18:54 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/01/15 20:26:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SmartAdWrapper.INI
[2009/10/23 16:57:24 | 019,247,104 | ---- | C] () -- C:\Documents and Settings\User\Application Data\TweetAdder
[2009/08/20 20:19:01 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/08/20 20:16:11 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/08/20 20:16:11 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/08/13 10:51:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/08/13 10:43:39 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/08/04 14:11:43 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/08/04 14:11:06 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/07/01 16:51:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2009/06/02 16:39:57 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/10 18:24:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/16 15:55:33 | 000,072,192 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2008/09/22 14:21:34 | 000,127,092 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/09/02 16:04:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BinCoder.dll
[2008/08/20 16:45:46 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2008/08/19 16:17:06 | 000,149,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2008/08/19 16:17:06 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\ar5523.bin
[2008/08/19 16:17:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/08/19 16:17:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2008/08/12 21:04:59 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\msblcd32.dll
[2008/05/11 09:39:05 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/03/14 19:16:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/03/14 19:14:35 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2008/03/14 19:11:38 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/07/30 08:10:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/07/21 14:07:12 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/07/21 14:07:12 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/07/21 14:07:12 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/07/21 14:07:12 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/07/21 14:07:12 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/07/21 14:07:12 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/07/21 14:07:12 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/07/21 14:07:12 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/07/21 14:07:12 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/07/21 14:07:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/21 14:07:11 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/07/21 14:07:11 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/07/21 14:07:11 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/07/21 14:07:11 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/07/21 14:07:11 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/07/21 14:07:11 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/07/21 14:07:11 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/07/21 14:07:11 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/07/21 14:07:11 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/07/21 14:02:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX6000EFDG.ini
[2007/03/27 18:38:22 | 000,045,056 | R--- | C] () -- C:\Program Files\SetAttrib.exe
[2007/03/12 12:12:52 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hasher.dll
[2006/10/01 09:55:14 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ebraryRdr.ini
[2006/06/17 18:09:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCPitchBenches
[2006/06/17 18:09:03 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCPitchScores
[2006/06/17 18:08:42 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCPrefs
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench5
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench4
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench3
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench2
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench1
[2006/06/17 18:08:42 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ETCHarmonyBench0
[2006/06/08 22:05:59 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
[2006/05/04 13:24:00 | 000,036,593 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2006/05/03 14:13:06 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/05/03 14:12:30 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/04/26 14:36:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/04/26 14:36:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/04/26 14:36:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/04/26 14:36:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/04/26 14:36:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/04/26 14:36:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/04/20 22:06:43 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/04/11 12:30:55 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2006/02/28 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/15 13:41:47 | 000,001,089 | ---- | C] () -- C:\WINDOWS\atm.ini
[2005/12/27 18:16:30 | 000,000,180 | -H-- | C] () -- C:\WINDOWS\System32\einfopsv10.dll
[2005/11/16 12:01:53 | 000,002,936 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/13 13:19:56 | 000,099,970 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/11/13 13:19:31 | 000,003,445 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/11/13 13:04:19 | 000,000,315 | ---- | C] () -- C:\WINDOWS\System32\PCRVersion.ini
[2005/10/29 10:15:06 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/10/10 14:45:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/10/03 13:29:51 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2005/03/29 13:59:47 | 000,006,688 | ---- | C] () -- C:\WINDOWS\movexe.exe
[2005/02/23 13:59:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/25 17:34:42 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/12/25 17:34:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/15 10:40:34 | 000,000,062 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI
[2004/11/12 16:04:10 | 000,795,832 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2004/11/05 14:20:20 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2004/09/29 14:17:28 | 005,927,424 | ---- | C] () -- C:\WINDOWS\System32\Drs732.dll
[2004/09/14 18:36:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\lifeart.ini
[2004/08/30 14:25:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Application Data\dm.ini
[2004/05/22 08:18:43 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/05/02 17:50:19 | 000,126,464 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/27 09:31:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\SSB.ini
[2004/04/23 14:01:12 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\HANDLE.INI
[2004/03/08 13:24:47 | 000,011,036 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2004/03/07 22:23:27 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2004/02/17 10:22:27 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TyrannLite.dll
[2003/12/31 16:02:55 | 000,000,107 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2003/12/27 13:16:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2003/12/27 13:15:06 | 000,000,407 | ---- | C] () -- C:\WINDOWS\webpos20.ini
[2003/12/22 15:24:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\QVPC.INI
[2003/10/26 11:59:10 | 000,001,783 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/10/24 21:59:18 | 000,000,313 | ---- | C] () -- C:\WINDOWS\browsev2.ini
[2003/10/24 13:44:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xwsindex.exe
[2003/10/22 16:12:09 | 000,009,336 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Comma Separated Values (Windows).EML
[2003/10/22 09:26:08 | 000,008,006 | ---- | C] () -- C:\WINDOWS\qwshellx.ini
[2003/10/10 23:02:56 | 000,000,090 | ---- | C] () -- C:\WINDOWS\A5.INI
[2003/10/10 22:51:07 | 000,000,186 | ---- | C] () -- C:\WINDOWS\rtpatch.ini
[2003/10/10 22:48:43 | 000,003,433 | ---- | C] () -- C:\WINDOWS\WPR.INI
[2003/10/10 22:48:43 | 000,000,648 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/10 21:21:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/09 19:27:13 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2003/10/09 11:50:48 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2003/10/09 11:32:05 | 000,000,886 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/09 11:01:49 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003/10/07 12:44:34 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/10/07 11:57:59 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/07 11:57:01 | 000,939,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/10/07 11:18:45 | 000,000,154 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2003/10/07 11:18:45 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003/10/07 11:18:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003/10/07 11:18:35 | 000,237,568 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2003/10/07 11:18:35 | 000,212,992 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2003/10/07 11:18:35 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2003/10/07 11:16:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003/10/07 11:16:27 | 000,028,672 | R--- | C] () -- C:\WINDOWS\htpatch.exe
[2003/10/07 11:16:27 | 000,003,072 | R--- | C] () -- C:\WINDOWS\winio.sys
[2003/10/07 11:14:55 | 000,011,230 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003/10/07 11:14:55 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/10/07 11:12:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/07 11:08:15 | 000,024,208 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/09 13:40:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/04/09 13:40:14 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/04/09 13:40:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/04/09 13:40:00 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/03/09 20:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/11/04 03:09:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2002/11/04 03:09:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2002/09/02 15:45:30 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/08/29 12:00:00 | 000,437,004 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 12:00:00 | 000,069,536 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/06/06 01:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2002/03/31 13:26:54 | 000,000,514 | ---- | C] () -- C:\WINDOWS\ISYSKNOW.INI
[2001/07/31 11:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999/07/05 10:00:00 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/12/24 14:38:02 | 000,002,496 | ---- | C] () -- C:\WINDOWS\ISYS.INI
[1998/09/30 13:11:20 | 000,657,408 | ---- | C] () -- C:\WINDOWS\System32\ISYSU532.DLL
[1998/07/31 04:14:40 | 000,000,246 | ---- | C] () -- C:\WINDOWS\ISYSSQL.INI
[1998/06/09 23:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/17 23:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/01/12 08:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ModemLog_Intel® Ham 5628 V.92 Modem.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS

< End of report >

#15 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 30 January 2012 - 07:17 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :Files
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[emptyjava]
[EMPTYFLASH]
[RESETHOSTS]

  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


Let me know How things are doing

Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users