
Infected with Virtumonde


12 replies to this topic

#1 epm522

epm522

  • Members
  • 7 posts

Posted 03 November 2009 - 11:56 AM

My PC detected a virus the other day. I scanned with Spybot and it detected Virtumonde. I clicked Fix in Spybot and it said it was fixed. I ran Symantec version 9.0.0.338 and it did not detect it. I continue to receive warnings and the occasional running low on memory. I am guessing the Virtumonde is still there somewhere.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 11:13:14.89 on Tue 11/03/2009
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uDefault_Search_URL =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {4dae4f67-4cc3-4bfd-be7d-dac28d822cfd} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\common files\aol\launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HostManager] c:\program files\common files\aol\1150114990\ee\AOLSoftware.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DeadAIM] rundll32.exe "c:\program files\aim\\DeadAIM.ocm",ExportedCheckODLs
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238116034421
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - hxxp://entimg.msn.com/client/msnmusax3913.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\we0yh8y9.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-12-28 13:09:32 5051 ----a-w- c:\windows\system32\3e54s9ywzre344.bin
2009-12-27 06:18:44 12220 ----a-w- c:\windows\z943t5reat1965.exe
2009-12-24 03:59:02 15843 ----a-w- c:\windows\system32\aafth9e5z33.bin
2009-12-23 12:44:38 4218 ----a-w- c:\windows\21054hac9tooz375.dll
2009-12-22 01:37:23 16222 ----a-w- c:\windows\15e4s9arse23z2.dll
2009-12-21 15:52:08 7203 ----a-w- c:\windows\6558szam5ot3c99.bin
2009-12-17 17:24:26 14478 ----a-w- c:\windows\28212tr95z55.bin
2009-12-16 12:05:53 12821 ----a-w- c:\windows\system32\2a8zdownl9ader1659.ocx
2009-12-15 16:21:21 10303 ----a-w- c:\windows\32086nzt-a-virus75e9.cpl
2009-12-13 23:53:19 17365 ----a-w- c:\windows\system32\5091zspy34d.cpl
2009-12-13 23:37:55 3699 ----a-w- c:\windows\system32\9057virusz335.dll
2009-12-11 06:08:39 7177 ----a-w- c:\windows\system32\92023spy75az.ocx
2009-12-10 17:33:26 17977 ----a-w- c:\windows\71dzthi5f9016.exe
2009-12-10 11:52:36 7956 ----a-w- c:\windows\system32\233s952f7z.dll
2009-12-09 15:50:52 10212 ----a-w- c:\windows\499cstea5317z.exe
2009-12-09 08:35:04 16217 ----a-w- c:\windows\2e515hzeat30999.exe
2009-12-08 23:49:32 13561 ----a-w- c:\windows\29504spazbo97e15.ocx
2009-12-08 23:04:16 4689 ----a-w- c:\windows\1ebspzrse58659.dll
2009-12-08 04:46:03 17841 ----a-w- c:\windows\system32\5z329ownloader1321.bin
2009-12-06 14:48:46 5214 ----a-w- c:\windows\c0zs59al1166.ocx
2009-12-04 07:02:49 10815 ----a-w- c:\windows\27554spaz9ot4df.exe
2009-12-03 12:15:49 7327 ----a-w- c:\windows\system32\355aspywaze969.cpl
2009-12-03 00:39:24 14363 ----a-w- c:\windows\97582spzmbo59.exe
2009-12-02 14:52:12 11895 ----a-w- c:\windows\system32\78a3zddware11599.ocx
2009-11-28 22:50:02 3894 ----a-w- c:\windows\14f95ownloadzr1690.dll
2009-11-26 22:14:59 14289 ----a-w- c:\windows\339z5orme99.dll
2009-11-23 09:38:34 3214 ----a-w- c:\windows\4f93bzckdoo52929.bin
2009-11-22 17:54:14 17774 ----a-w- c:\windows\15994vizus55e.exe
2009-11-22 14:15:03 3924 ----a-w- c:\windows\8z035ir9s2cc.exe
2009-11-21 16:29:42 8660 ----a-w- c:\windows\system32\15505nzt-a-vi9u5432.ocx
2009-11-20 10:03:32 16825 ----a-w- c:\windows\system32\cf35z92313.exe
2009-11-19 23:52:01 6277 ----a-w- c:\windows\63zasparse19685.dll
2009-11-19 19:58:56 16826 ----a-w- c:\windows\system32\z168a95ware654.bin
2009-11-17 22:57:13 17065 ----a-w- c:\windows\system32\53f7sparse9325z.dll
2009-11-15 10:05:06 8019 ----a-w- c:\windows\system32\5e2ezac9door444.bin
2009-11-14 08:51:48 3097 ----a-w- c:\windows\539bspyzare801.dll
2009-11-12 21:19:55 12890 ----a-w- c:\windows\system32\z95ds9y5are3103.cpl
2009-11-12 06:59:05 12358 ----a-w- c:\windows\system32\25637not-9-vi5zs267.ocx
2009-11-11 18:53:25 16230 ----a-w- c:\windows\3z57spa9se548.exe
2009-11-11 10:06:13 17436 ----a-w- c:\windows\5zafspyw5re9535.cpl
2009-11-09 22:23:45 4313 ----a-w- c:\windows\3070z9d5are727.dll
2009-11-09 10:23:49 18391 ----a-w- c:\windows\5a9bv9r582z.ocx
2009-11-09 09:51:43 8983 ----a-w- c:\windows\system32\1b99downl5ader2z19.bin
2009-11-07 08:14:28 9261 ----a-w- c:\windows\system32\4d0zdown5oader9689.bin
2009-11-06 16:31:55 17064 ----a-w- c:\windows\532zdownload5r2619.ocx
2009-11-06 02:34:40 8929 ----a-w- c:\windows\z4a8spywa9e1527.ocx
2009-11-04 22:10:41 7776 ----a-w- c:\windows\295addware198z.ocx
2009-11-02 23:03:28 13388 ----a-w- c:\windows\95b5thief1z03.exe
2009-11-01 22:08:04 5692 ----a-w- c:\windows\57dcste5lz993.ocx
2009-11-01 21:12:45 0 d-----w- c:\program files\Trend Micro
2009-11-01 19:46:42 17225 ----a-w- c:\windows\537steal3z985.cpl
2009-10-27 20:29:44 7958 ----a-w- c:\windows\7571sp59arz398.dll
2009-10-27 16:22:52 0 d-----w- C:\SBS
2009-10-27 05:21:59 3373 ----a-w- c:\windows\z500w59m5dc.ocx
2009-10-27 02:53:06 12731 ----a-w- c:\windows\33b5downlzader1499.bin
2009-10-26 20:51:50 14991 ----a-w- c:\windows\293fthi5f39z.exe
2009-10-23 20:33:56 13737 ----a-w- c:\windows\system32\40a59pyzare527.ocx
2009-10-23 17:12:22 13109 ----a-w- c:\windows\system32\7ef49own5oader125z.cpl
2009-10-23 05:52:24 6155 ----a-w- c:\windows\19700virz54379.exe
2009-10-19 22:02:40 15645 ----a-w- c:\windows\992zspy59.cpl
2009-10-19 21:27:49 8048 ----a-w- c:\windows\7d0downl95zer3154.cpl
2009-10-19 16:57:10 12580 ----a-w- c:\windows\system32\577b5zief2489.exe
2009-10-19 11:38:39 14284 ----a-w- c:\windows\system32\23565not-a-viruzdd9.ocx
2009-10-19 06:28:40 8592 ----a-w- c:\windows\7c5tz9ef907.exe
2009-10-18 16:21:56 11781 ----a-w- c:\windows\system32\16789zor56de.cpl
2009-10-15 23:40:52 5165 ----a-w- c:\windows\system32\3c5dspywa5917z0.exe
2009-10-14 17:29:53 16324 ----a-w- c:\windows\20022n9t-a5virusze.bin
2009-10-14 04:27:10 6104 ----a-w- c:\windows\13266hacktzo93d25.bin
2009-10-13 23:09:41 7199 ----a-w- c:\windows\system32\59zdsteal3258.exe
2009-10-11 10:35:48 9008 ----a-w- c:\windows\5f8fst5al9z1.exe
2009-10-10 21:55:44 7977 ----a-w- c:\windows\system32\198zs5eal2329.cpl
2009-10-10 13:02:57 18357 ----a-w- c:\windows\system32\219425ir9s2z9.bin
2009-10-09 08:01:04 2788 ----a-w- c:\windows\14719sp51c8z.dll
2009-10-08 07:02:30 2630 ----a-w- c:\windows\system32\z5891sp55ac.dll
2009-10-07 05:34:37 3953 ----a-w- c:\windows\725895ambotzd2.bin
2009-10-06 00:18:18 11606 ----a-w- c:\windows\system32\7e57virz59.bin
2009-10-05 22:26:22 3214 ----a-w- c:\windows\system32\15d09pa5se156z.ocx
2009-10-04 22:01:28 12316 ----a-w- c:\windows\19536not-azvirus65a.exe

==================== Find3M ====================

2009-09-27 16:33:20 11998 ----a-w- c:\windows\system32\55z97spy1b9.exe
2009-09-27 02:36:27 16649 ----a-w- c:\windows\system32\z957spyware2491.exe
2009-09-25 20:11:37 16005 ----a-w- c:\windows\system32\63cbviz4995.exe
2009-09-25 16:24:55 2901 ----a-w- c:\windows\system32\28163not-z-vir5s209.exe
2009-09-25 09:42:26 14481 ----a-w- c:\windows\system32\265985a9ztool21d.bin
2009-09-22 11:04:24 10157 ----a-w- c:\windows\system32\9907wor5z7b.bin
2009-09-20 11:41:10 12571 ----a-w- c:\windows\system32\7d35backzoor983.bin
2009-09-20 11:38:39 4463 ----a-w- c:\windows\system32\5fdbaddwarez6859.exe
2009-09-18 05:59:40 5186 ----a-w- c:\windows\7e1zbac9door3205.bin
2009-09-17 17:56:14 3462 ----a-w- c:\windows\system32\3e95zhief14659.exe
2009-09-16 20:23:07 4824 ----a-w- c:\windows\system32\56acd5wnlo9derz943.bin
2009-09-16 00:28:41 16204 ----a-w- c:\windows\z5315irus940.exe
2009-09-15 20:57:03 17814 ----a-w- c:\windows\system32\32396t9zj531.bin
2009-09-14 12:00:46 15912 ----a-w- c:\windows\system32\25876vir5s595z.exe
2009-09-13 23:31:40 15174 ----a-w- c:\windows\4533szars91420.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 20:11:18 17413 ----a-w- c:\windows\system32\53329iru57az.dll
2009-09-07 14:54:30 10605 ----a-w- c:\windows\system32\15753zp536e9.dll
2009-09-07 07:44:00 17630 ----a-w- c:\windows\85085ozm6869.bin
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 13:55:11 10073 ----a-w- c:\windows\52674wormz2d9.dll
2009-09-03 21:11:18 10866 ----a-w- c:\windows\system32\15935troj6z6.bin
2009-09-01 02:48:10 18309 ----a-w- c:\windows\75c8stea9z15.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 19:28:29 2650 ----a-w- c:\windows\system32\241889azkto5l4a.exe
2009-08-26 23:32:10 5151 ----a-w- c:\windows\zf90a5dware26049.bin
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 21:22:01 8977 ----a-w- c:\windows\56c5addware9z1.dll
2009-08-22 13:30:02 12680 ----a-w- c:\windows\system32\92azdownload5r2669.exe
2009-08-22 05:50:35 17380 ----a-w- c:\windows\system32\8259t5oj2z8.dll
2009-08-22 04:02:35 9274 ----a-w- c:\windows\25089zrus359.dll
2009-08-21 20:54:23 8261 ----a-w- c:\windows\system32\9z84steal758.exe
2009-08-21 14:10:58 12468 ----a-w- c:\windows\system32\61z39ir2805.dll
2009-08-17 07:22:30 14090 ----a-w- c:\windows\system32\522ddo9nlzad5r2815.bin
2009-08-16 23:31:50 12609 ----a-w- c:\windows\system32\2z158h5cktoo9265.dll
2009-08-15 08:08:32 2877 ----a-w- c:\windows\7290w5rm79z.dll
2009-08-09 05:10:47 6001 ----a-w- c:\windows\z9995worm9a.exe
2009-08-08 13:56:36 15909 ----a-w- c:\windows\463aa9d5are1934z.exe
2009-08-08 12:48:40 14925 ----a-w- c:\windows\system32\48e0addwarz5039.dll
2009-08-08 04:52:50 15475 ----a-w- c:\windows\system32\39b1v9r568z.exe
2009-08-07 15:42:46 5178 ----a-w- c:\windows\550d9zief2273.bin
2009-08-07 05:29:21 13014 ----a-w- c:\windows\z79dstea52963.dll
2008-07-06 19:02:25 990208 -c--a-w- c:\windows\inf\syssbck.dll
1989-12-12 14:10:10 360000 -csh--r- c:\windows\rvizfjm.exe

============= FINISH: 11:14:25.89 ===============

Attached Files

  • Attached File  ark.txt   1.78KB   7 downloads




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 04 November 2009 - 08:10 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 epm522

epm522
  • Topic Starter

  • Members
  • 7 posts

Posted 04 November 2009 - 09:54 AM

Thanks for your help. Here are the logs:



OTL logfile created on: 11/4/2009 9:41:13 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.52 Mb Total Physical Memory | 97.91 Mb Available Physical Memory | 19.18% Memory free
1.22 Gb Paging File | 0.68 Gb Available in Paging File | 56.12% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.50 Gb Total Space | 52.31 Gb Free Space | 75.27% Space Free | Partition Type: NTFS
Drive D: | 5.02 Gb Total Space | 0.98 Gb Free Space | 19.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 38.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GJC136
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/04 09:39:53 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/29 08:42:07 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 12:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 17:16:42 | 00,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/05/09 19:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1150114990\EE\aolsoftware.exe
PRC - [2006/02/23 14:45:20 | 00,278,528 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/02/23 14:45:06 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/03/30 00:35:55 | 00,040,960 | ---- | M] (Northcode Inc.) -- C:\WINDOWS\NCLAUNCH.EXe
PRC - [2004/10/18 16:42:18 | 00,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/03/12 14:18:32 | 00,124,128 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/03/12 14:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/03/12 14:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/18 12:55:28 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2003/12/22 07:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/04/06 00:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/05 23:55:04 | 00,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/05 23:45:10 | 00,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/05 23:37:10 | 00,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2003/03/09 15:31:02 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/03/09 15:30:52 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
PRC - [2002/10/06 23:23:20 | 00,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/07/16 10:03:00 | 00,106,549 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2002/05/15 05:29:02 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2002/05/15 05:20:50 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2001/07/06 23:56:56 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\KBD.EXE
PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/11/04 09:39:53 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/14 04:42:52 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 04:42:02 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/14 04:41:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2007/04/19 13:21:40 | 00,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2001/10/04 16:50:08 | 00,040,820 | ---- | M] (SoundMAX) -- C:\WINDOWS\system32\Syncor11.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AOL ACS)
SRV - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)
SRV - [2008/04/14 04:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/04/03 17:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/02/23 14:45:06 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/03/12 14:18:06 | 00,169,192 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 14:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 14:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/09 15:31:02 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/03 19:06:00 | 00,061,440 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\S-1-5-21-3615762775-810355832-1822439336-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\S-1-5-21-3615762775-810355832-1822439336-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 08:42:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 08:42:16 | 00,000,000 | ---D | M]

[2009/01/24 13:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/01/24 13:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/24 13:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\we0yh8y9.default\extensions
[2009/01/24 13:47:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 08:42:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/29 08:42:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 08:42:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/29 08:42:10 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/06/25 12:37:05 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/06/25 12:37:05 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/25 12:37:05 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/06/25 12:37:05 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/06/25 12:37:05 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/06/25 12:37:05 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/06/25 12:37:05 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (348919 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11964 more lines...
O2 - BHO: (no name) - {4dae4f67-4cc3-4bfd-be7d-dac28d822cfd} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\..\Toolbar\WebBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150114990\EE\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003..\Run: [Aim6] C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (America Online, Inc.)
O4 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe (Northcode Inc.)
O4 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3615762775-810355832-1822439336-1003\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1238116034421 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax3913.cab (MsnMusicAx Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ModuleUsage: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 () - C:\Program Files\MSN Gaming Zone\samybixe.html
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/07/24 02:18:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/09/30 00:29:56 | 00,000,047 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2f98686a-ad43-11de-a1f7-00e0188b972e}\Shell - "" = AutoRun
O33 - MountPoints2\{2f98686a-ad43-11de-a1f7-00e0188b972e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f98686a-ad43-11de-a1f7-00e0188b972e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b2badbaa-a0d3-11dc-a0e3-00e0188b972e}\Shell - "" = AutoRun
O33 - MountPoints2\{b2badbaa-a0d3-11dc-a0e3-00e0188b972e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2badbaa-a0d3-11dc-a0e3-00e0188b972e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d6cd8ed4-f2b0-11da-9f06-00e0188b972e}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{e24c65f6-9b1c-11d9-8078-00e0188b972e}\Shell\AutoRun\command - "" = G:\JDSecure\Windows\JDSecure31.exe -- File not found
O33 - MountPoints2\{fd1bc3fc-f984-11dd-a160-00e0188b972e}\Shell\AutoRun\command - "" = H:\CA_EDGEmobile.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/01/23 16:33:19 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\winmgmt.exe (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

File not found -- C:\Documents and Settings\Owner\Desktop\CAYF4HYV.
File not found -- C:\Documents and Settings\Owner\Desktop\CAL5BZ24.
[2009/11/04 09:39:49 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/04 09:14:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/04 09:13:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/04 09:13:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/04 09:11:05 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/03 11:19:25 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/01 16:12:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/01 16:10:12 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe
[2009/10/30 23:02:47 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe
[2009/10/27 11:22:52 | 00,000,000 | ---D | C] -- C:\SBS
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[39 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

File not found -- C:\Documents and Settings\Owner\Desktop\CAYF4HYV.
File not found -- C:\Documents and Settings\Owner\Desktop\CAL5BZ24.
[2009/12/28 08:09:32 | 00,005,051 | ---- | M] () -- C:\WINDOWS\System32\3e54s9ywzre344.bin
[2009/12/27 01:18:44 | 00,012,220 | ---- | M] () -- C:\WINDOWS\z943t5reat1965.exe
[2009/12/23 22:59:02 | 00,015,843 | ---- | M] () -- C:\WINDOWS\System32\aafth9e5z33.bin
[2009/12/23 07:44:38 | 00,004,218 | ---- | M] () -- C:\WINDOWS\21054hac9tooz375.dll
[2009/12/21 20:37:23 | 00,016,222 | ---- | M] () -- C:\WINDOWS\15e4s9arse23z2.dll
[2009/12/21 10:52:08 | 00,007,203 | ---- | M] () -- C:\WINDOWS\6558szam5ot3c99.bin
[2009/12/17 12:24:26 | 00,014,478 | ---- | M] () -- C:\WINDOWS\28212tr95z55.bin
[2009/12/16 07:05:53 | 00,012,821 | ---- | M] () -- C:\WINDOWS\System32\2a8zdownl9ader1659.ocx
[2009/12/15 11:21:21 | 00,010,303 | ---- | M] () -- C:\WINDOWS\32086nzt-a-virus75e9.cpl
[2009/12/13 18:53:19 | 00,017,365 | ---- | M] () -- C:\WINDOWS\System32\5091zspy34d.cpl
[2009/12/13 18:37:55 | 00,003,699 | ---- | M] () -- C:\WINDOWS\System32\9057virusz335.dll
[2009/12/11 01:08:39 | 00,007,177 | ---- | M] () -- C:\WINDOWS\System32\92023spy75az.ocx
[2009/12/10 12:33:26 | 00,017,977 | ---- | M] () -- C:\WINDOWS\71dzthi5f9016.exe
[2009/12/10 06:52:36 | 00,007,956 | ---- | M] () -- C:\WINDOWS\System32\233s952f7z.dll
[2009/12/09 10:50:52 | 00,010,212 | ---- | M] () -- C:\WINDOWS\499cstea5317z.exe
[2009/12/09 03:35:04 | 00,016,217 | ---- | M] () -- C:\WINDOWS\2e515hzeat30999.exe
[2009/12/08 18:49:32 | 00,013,561 | ---- | M] () -- C:\WINDOWS\29504spazbo97e15.ocx
[2009/12/08 18:04:16 | 00,004,689 | ---- | M] () -- C:\WINDOWS\1ebspzrse58659.dll
[2009/12/07 23:46:03 | 00,017,841 | ---- | M] () -- C:\WINDOWS\System32\5z329ownloader1321.bin
[2009/12/06 09:48:46 | 00,005,214 | ---- | M] () -- C:\WINDOWS\c0zs59al1166.ocx
[2009/12/04 02:02:49 | 00,010,815 | ---- | M] () -- C:\WINDOWS\27554spaz9ot4df.exe
[2009/12/03 07:15:49 | 00,007,327 | ---- | M] () -- C:\WINDOWS\System32\355aspywaze969.cpl
[2009/12/02 19:39:24 | 00,014,363 | ---- | M] () -- C:\WINDOWS\97582spzmbo59.exe
[2009/12/02 09:52:12 | 00,011,895 | ---- | M] () -- C:\WINDOWS\System32\78a3zddware11599.ocx
[2009/11/28 17:50:02 | 00,003,894 | ---- | M] () -- C:\WINDOWS\14f95ownloadzr1690.dll
[2009/11/26 17:14:59 | 00,014,289 | ---- | M] () -- C:\WINDOWS\339z5orme99.dll
[2009/11/23 04:38:34 | 00,003,214 | ---- | M] () -- C:\WINDOWS\4f93bzckdoo52929.bin
[2009/11/22 12:54:14 | 00,017,774 | ---- | M] () -- C:\WINDOWS\15994vizus55e.exe
[2009/11/22 09:15:03 | 00,003,924 | ---- | M] () -- C:\WINDOWS\8z035ir9s2cc.exe
[2009/11/21 11:29:42 | 00,008,660 | ---- | M] () -- C:\WINDOWS\System32\15505nzt-a-vi9u5432.ocx
[2009/11/20 05:03:32 | 00,016,825 | ---- | M] () -- C:\WINDOWS\System32\cf35z92313.exe
[2009/11/19 18:52:01 | 00,006,277 | ---- | M] () -- C:\WINDOWS\63zasparse19685.dll
[2009/11/19 14:58:56 | 00,016,826 | ---- | M] () -- C:\WINDOWS\System32\z168a95ware654.bin
[2009/11/17 17:57:13 | 00,017,065 | ---- | M] () -- C:\WINDOWS\System32\53f7sparse9325z.dll
[2009/11/15 05:05:06 | 00,008,019 | ---- | M] () -- C:\WINDOWS\System32\5e2ezac9door444.bin
[2009/11/14 03:51:48 | 00,003,097 | ---- | M] () -- C:\WINDOWS\539bspyzare801.dll
[2009/11/12 16:19:55 | 00,012,890 | ---- | M] () -- C:\WINDOWS\System32\z95ds9y5are3103.cpl
[2009/11/12 01:59:05 | 00,012,358 | ---- | M] () -- C:\WINDOWS\System32\25637not-9-vi5zs267.ocx
[2009/11/11 13:53:25 | 00,016,230 | ---- | M] () -- C:\WINDOWS\3z57spa9se548.exe
[2009/11/11 05:06:13 | 00,017,436 | ---- | M] () -- C:\WINDOWS\5zafspyw5re9535.cpl
[2009/11/09 17:23:45 | 00,004,313 | ---- | M] () -- C:\WINDOWS\3070z9d5are727.dll
[2009/11/09 05:23:49 | 00,018,391 | ---- | M] () -- C:\WINDOWS\5a9bv9r582z.ocx
[2009/11/09 04:51:43 | 00,008,983 | ---- | M] () -- C:\WINDOWS\System32\1b99downl5ader2z19.bin
[2009/11/07 03:14:28 | 00,009,261 | ---- | M] () -- C:\WINDOWS\System32\4d0zdown5oader9689.bin
[2009/11/06 11:31:55 | 00,017,064 | ---- | M] () -- C:\WINDOWS\532zdownload5r2619.ocx
[2009/11/05 21:34:40 | 00,008,929 | ---- | M] () -- C:\WINDOWS\z4a8spywa9e1527.ocx
[2009/11/04 17:10:41 | 00,007,776 | ---- | M] () -- C:\WINDOWS\295addware198z.ocx
[2009/11/04 09:39:53 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/04 09:33:30 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/11/04 09:33:18 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/04 09:32:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/04 09:32:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/04 09:30:57 | 09,699,328 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/04 09:30:57 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/04 09:14:05 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 09:11:08 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/03 17:18:50 | 00,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2009/11/03 11:20:19 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/03 11:19:25 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/03 11:11:52 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/02 18:48:41 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ed week 8.xls
[2009/11/02 18:48:35 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Esther week 8.xls
[2009/11/02 18:03:28 | 00,013,388 | ---- | M] () -- C:\WINDOWS\95b5thief1z03.exe
[2009/11/01 17:08:04 | 00,005,692 | ---- | M] () -- C:\WINDOWS\57dcste5lz993.ocx
[2009/11/01 16:16:43 | 00,010,946 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\hijackthis 110109a
[2009/11/01 16:12:47 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/01 16:10:19 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe
[2009/11/01 14:46:42 | 00,017,225 | ---- | M] () -- C:\WINDOWS\537steal3z985.cpl
[2009/10/30 23:07:09 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/10/30 23:04:24 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe
[2009/10/30 21:10:57 | 00,016,551 | ---- | M] () -- C:\WINDOWS\System32\5b9ast5az70.ocx
[2009/10/30 21:10:57 | 00,006,924 | ---- | M] () -- C:\WINDOWS\3ez9v591179.dll
[2009/10/30 21:10:55 | 00,018,271 | ---- | M] () -- C:\WINDOWS\System32\3894vir21z65.cpl
[2009/10/30 21:10:55 | 00,012,457 | ---- | M] () -- C:\WINDOWS\System32\4ba8bac5dz9r1314.exe
[2009/10/30 21:10:55 | 00,011,642 | ---- | M] () -- C:\WINDOWS\50589ackdooz2592.dll
[2009/10/30 21:10:53 | 00,012,916 | ---- | M] () -- C:\WINDOWS\System32\93436spy415z.dll
[2009/10/30 21:10:53 | 00,010,918 | ---- | M] () -- C:\WINDOWS\3c99zackdo5r1804.dll
[2009/10/30 21:10:53 | 00,008,682 | ---- | M] () -- C:\WINDOWS\System32\49dcspyware93z5.exe
[2009/10/30 21:10:53 | 00,003,326 | ---- | M] () -- C:\WINDOWS\62eb5p9rse261z.dll
[2009/10/30 21:10:53 | 00,002,561 | ---- | M] () -- C:\WINDOWS\System32\4084sp9wzr52794.bin
[2009/10/30 21:10:52 | 00,009,899 | ---- | M] () -- C:\WINDOWS\System32\2c86sp95sez789.exe
[2009/10/30 21:10:50 | 00,014,869 | ---- | M] () -- C:\WINDOWS\System32\6eecdownloade91z59.cpl
[2009/10/30 21:10:50 | 00,009,994 | ---- | M] () -- C:\WINDOWS\System32\28837n9t-a-v5zus6a2.bin
[2009/10/30 21:10:50 | 00,007,536 | ---- | M] () -- C:\WINDOWS\System32\5bcbackdooz496.cpl
[2009/10/30 21:10:50 | 00,007,035 | ---- | M] () -- C:\WINDOWS\7f8z9p5ware14.exe
[2009/10/30 21:10:50 | 00,004,727 | ---- | M] () -- C:\WINDOWS\15999szy59.dll
[2009/10/30 21:10:50 | 00,004,595 | ---- | M] () -- C:\WINDOWS\592zsparse9628.dll
[2009/10/30 21:10:50 | 00,003,182 | ---- | M] () -- C:\WINDOWS\System32\zcb195arse1187.ocx
[2009/10/30 21:10:50 | 00,003,065 | ---- | M] () -- C:\WINDOWS\z340addwa9e3075.exe
[2009/10/30 21:10:49 | 00,011,681 | ---- | M] () -- C:\WINDOWS\4dc99hreatz959.ocx
[2009/10/30 21:10:47 | 00,013,199 | ---- | M] () -- C:\WINDOWS\54510tr9z99.ocx

========== Files Created - No Company Name ==========

[2006/06/02 12:45:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DettoMe.INI
[2006/06/02 12:25:30 | 00,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2006/06/02 11:27:21 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2006/05/28 10:42:17 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/05/28 09:18:22 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/08 03:00:43 | 00,002,733 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/10/19 14:15:07 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/17 07:47:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/06/14 09:26:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/05/08 10:39:35 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/05/02 07:11:21 | 00,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2005/03/31 13:53:40 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/23 09:39:07 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2005/03/23 09:39:07 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2005/03/22 22:30:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/22 18:24:42 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005/03/22 16:56:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/03/22 16:53:53 | 00,073,904 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/03/09 15:31:04 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/26 22:41:34 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/07/24 19:39:38 | 00,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2002/07/24 19:39:38 | 00,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2002/07/24 19:32:31 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/07/24 19:32:31 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/07/24 18:41:48 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/07/24 18:34:36 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/07/24 18:15:29 | 06,954,222 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2002/07/24 18:10:35 | 00,000,029 | ---- | C] () -- C:\WINDOWS\ALSndMgr.ini
[2002/07/24 17:58:11 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/07/24 17:58:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/07/24 17:57:49 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/07/24 02:29:49 | 00,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/07/24 02:29:09 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2002/07/24 02:14:33 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/07/24 02:05:50 | 00,000,663 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/07/24 02:05:41 | 00,001,062 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/07/24 02:05:38 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/07/23 19:10:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/05/22 21:44:14 | 00,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2002/05/22 21:04:26 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/05/15 05:26:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/09/01 00:33:58 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/08 15:13:22 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll

========== LOP Check ==========

[2008/06/30 02:58:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2005/10/15 21:27:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/08/26 09:59:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/06/12 07:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/09/14 11:55:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2002/07/26 23:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2002/07/26 23:23:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\VERITAS
[2006/08/05 17:23:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2008/03/23 17:12:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2005/03/23 09:39:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Corel
[2006/10/24 19:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CSOdessa
[2002/07/26 23:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2005/05/15 15:46:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2006/10/07 10:41:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2006/05/26 10:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SuperAdBlocker.com
[2002/07/26 23:23:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2007/01/22 20:37:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2005/10/24 22:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webshots
[2001/08/18 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/03 22:20:00 | 00,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1246035848.job
[2009/10/29 01:18:02 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/11/04 09:32:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >
[2005/03/24 10:12:28 | 02,636,408 | ---- | M] () -- C:\aawsepersonal.exe
[2005/08/17 18:07:25 | 04,186,768 | ---- | M] () -- C:\aim553599.exe
[2005/03/24 10:50:08 | 00,761,621 | ---- | M] (JDennis.net Ltd ) -- C:\DeadAIM.exe
[2005/03/24 10:12:52 | 00,457,920 | ---- | M] (Google) -- C:\GoogleToolbarInstaller.exe
[2005/03/24 10:51:47 | 04,466,776 | ---- | M] () -- C:\Install_AIM.exe
[2005/03/25 01:12:21 | 21,848,504 | ---- | M] (Apple Computer, Inc. ) -- C:\iTunesSetup.exe
[39 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys >
[2005/07/04 07:52:50 | 00,018,432 | ---- | M] (First 4 Internet) -- C:\WINDOWS\system32\drivers\$sys$cor.sys
[2008/04/13 23:16:20 | 00,053,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\1394bus.sys
[2002/05/22 21:43:00 | 00,010,297 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\a302.sys
[2002/05/22 21:43:10 | 00,026,169 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\a303.sys
[2002/05/22 21:43:16 | 00,025,657 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\a304.sys
[2002/05/22 21:43:20 | 00,011,321 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\a305.sys
[2002/05/22 21:43:24 | 00,013,881 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\a306.sys
[2002/05/22 21:43:28 | 00,020,025 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\a307.sys
[2002/05/22 21:43:32 | 00,010,297 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\a308.sys
[2002/05/22 21:43:36 | 00,023,609 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\a309.sys
[2002/05/22 21:43:44 | 00,024,121 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\a310.sys
[2002/05/22 21:44:10 | 00,028,729 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\a311.sys
[2002/05/22 21:44:14 | 00,009,785 | ---- | M] () -- C:\WINDOWS\system32\drivers\a312.sys
[2008/04/13 23:06:36 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2003/03/31 06:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2002/03/23 01:14:52 | 00,095,936 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys
[2008/04/14 04:51:44 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008/08/14 05:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/14 00:06:40 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2008/04/14 00:06:40 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/14 00:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/14 04:51:44 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/14 04:51:44 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2008/04/14 04:51:44 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2006/06/12 07:24:48 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys
[2008/04/13 23:27:28 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:29:30 | 00,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 22:29:30 | 00,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 22:29:30 | 00,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 22:29:32 | 00,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 22:29:32 | 00,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 22:29:32 | 00,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 22:29:32 | 00,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 22:29:32 | 00,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 22:29:32 | 00,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 22:29:32 | 00,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/03 22:29:28 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/03 22:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/03 22:29:28 | 00,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 22:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 22:29:30 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 22:29:30 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 22:29:32 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 22:29:32 | 00,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 22:29:32 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 22:29:32 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 22:29:32 | 00,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 22:29:32 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/04/13 23:21:26 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2003/03/31 06:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 23:21:32 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2003/03/31 06:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2006/05/31 18:53:25 | 00,025,160 | ---- | M] (America Online) -- C:\WINDOWS\system32\drivers\atwpkt2.sys
[2006/05/31 18:53:26 | 00,032,328 | ---- | M] (America Online) -- C:\WINDOWS\system32\drivers\atwpkt264.sys
[2001/08/17 15:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2003/03/31 06:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2008/04/13 23:23:24 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2008/04/13 23:16:34 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 23:16:34 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 23:21:36 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 06:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 23:16:32 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 23:16:30 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys
[2003/03/31 06:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2003/03/31 06:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 23:44:22 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2006/10/03 12:21:46 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys
[2006/10/03 12:21:46 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys
[2008/04/13 23:10:48 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2003/03/31 06:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 23:46:24 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2003/03/31 06:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/14 04:51:44 | 00,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2008/04/13 23:10:48 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 23:10:46 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008/04/13 23:14:50 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 23:14:48 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2003/03/31 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2008/04/14 00:15:02 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DMusic.sys
[2008/04/14 00:09:48 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys
[2001/08/17 13:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys
[2001/08/17 13:47:32 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4scan.sys
[2001/08/17 13:47:32 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4usb.sys
[2008/04/14 04:51:44 | 00,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2008/04/14 04:51:44 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2002/06/05 12:21:00 | 00,081,552 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvmcdb.sys
[2002/06/06 11:56:00 | 00,040,368 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvnddm.sys
[2003/03/31 06:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008/04/13 23:08:30 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2003/03/31 06:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys
[2007/03/22 11:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elagopro.sys
[2007/03/22 11:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elaunidr.sys
[2001/08/17 16:46:40 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\enum1394.sys
[2008/04/13 23:44:30 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008/04/13 23:10:26 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2008/04/13 23:03:30 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2008/04/13 23:10:26 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008/04/13 23:03:00 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2003/03/31 06:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2003/03/31 06:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2003/03/31 06:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008/04/14 00:06:42 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2005/03/07 10:52:48 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2008/04/13 21:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2008/04/13 23:16:32 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008/04/13 23:15:28 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008/04/14 00:15:28 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys
[2008/04/13 23:15:24 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008/04/13 23:15:28 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2003/03/09 15:31:00 | 00,051,024 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys
[2003/03/09 15:31:02 | 00,016,080 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys
[2003/03/09 15:31:02 | 00,021,456 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys
[2004/08/03 22:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 22:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 22:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2008/04/13 23:23:54 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 23:48:02 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2001/08/08 15:13:36 | 00,158,140 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\i81xnt5.sys
[2002/05/22 21:44:06 | 00,069,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys
[2002/05/22 21:42:54 | 00,078,045 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys
[2002/05/22 21:43:56 | 00,090,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys
[2008/04/13 23:11:00 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2008/04/13 23:10:30 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys
[2008/04/13 23:01:34 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 23:23:36 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2003/03/31 06:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 23:27:08 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 23:27:16 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 23:49:44 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 23:24:30 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 23:06:42 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/13 23:09:48 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 23:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2008/04/14 04:51:44 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/14 04:51:44 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 06:18:41 | 00,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2003/03/31 14:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2003/03/31 06:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2004/08/03 22:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008/04/14 04:51:44 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2003/03/31 06:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/14 04:51:44 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2008/04/14 04:51:44 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2003/03/31 06:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008/04/13 23:09:48 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008/04/13 23:02:46 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/04/13 23:02:40 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 23:26:34 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008/04/14 04:51:44 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008/04/14 04:51:44 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/14 04:51:44 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/14 04:51:44 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2004/08/03 22:41:40 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 22:41:38 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 22:29:38 | 00,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2008/04/13 23:47:06 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/14 00:13:56 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2008/04/13 23:50:38 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 23:27:28 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/14 04:51:44 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 23:50:44 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2008/04/13 23:27:30 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 23:26:04 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 23:51:02 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/14 04:51:44 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2003/03/31 06:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 23:23:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008/04/13 23:02:40 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/13 23:45:54 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 22:41:40 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2003/03/31 06:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2001/08/17 14:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4.sys
[2002/05/03 19:06:00 | 00,931,882 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2001/12/07 23:26:00 | 00,013,502 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS
[2003/03/31 06:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2003/03/31 06:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 23:26:08 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2003/03/31 06:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2003/03/31 06:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008/04/13 23:16:20 | 00,061,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ohci1394.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsja.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrshu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrshe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrses.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrseng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrscs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvtuicpl.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvshell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrszht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrszhc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrstr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsptb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrspt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsnl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsko.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsja.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrshu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrshe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrses.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrseng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrscs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvoglnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvinstnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nview.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nv4_disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nv4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmfast50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbicdnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NavLogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswinsck.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msuni11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msssc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjdbc10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisam11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msawt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplvw7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplvpx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplvm6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplva6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplaw7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplapx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplam6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplaa6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mindex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdmxsdk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keep in touch with HP.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jview.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_02-b09.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jdbgmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javart.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaee.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instFunc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\installink.bat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INKED.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetdb50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inet50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfrc.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxreng.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrarb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtrk.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhsve.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhrus.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptg.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhplk.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnld.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhhun.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhheb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfrc.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfin.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxheng.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhell.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdan.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcsy.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxharb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhara.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxeud.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxdiag.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ibevnt50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xgicd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xgdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xdnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xcoin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpREG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpojwia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5500a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5400a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5300a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphsav04.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphmon04.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphipr11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphipm11.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphidr11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxdb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXAB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\faxpatch.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx3j.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wATV10nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wATV06nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wadv11nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wADV09NT.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wADV08NT.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wADV07nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wa301b.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wa301a.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Vchnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vch.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smsens.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slwdmsup.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slnthal.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slntamr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slnt7554.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SiInt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\recagent.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\PcdrNt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ntmtlfax.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netwlan5.img:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mtxparhm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mtlstrm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mtlmnt5.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mdmxsdk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfdpsp2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfcxts2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfbs2s2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\enum1394.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cxthsfs2.cty:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Ch7xxNT5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv10nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv06nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv04nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv02nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv01nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ativmc20.cod:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinxsxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinxbxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atintuxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinttxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinsnxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinrvxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinraxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinpdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinmdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinbtxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati2mtag.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati2mtaa.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1xsxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1xbxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1tuxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1ttxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1snxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1rvxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1raxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1pdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1mdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1btxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv09nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv08nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv07nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv05nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv02nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv01nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a312.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a311.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a310.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a309.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a308.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a307.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a306.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a305.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a304.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a303.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a302.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmcpl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\delphimm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cpuinf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clspack.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cc3250mt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cc3250.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\borlndmm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOCOLE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Bocof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bfc42d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bfc42.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bdeadmin.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bcbmm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Audio3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATHPRXY.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\hpsysdrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\hpsysdrv.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SynthCoreA.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\svcpack.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\spupdsvc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuperr.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setdebug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regopt.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q315403.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q315000.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q312370.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q311889.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q311842.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q309691.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q309521.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q308677.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q308676.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\pcdlib32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.isu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocmsn.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocgen.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ntbtlog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msgsocm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\medctroc.Log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803v2.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893086.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB891781.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890923.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890859.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890175.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890047.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888302.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888113.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887742.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887472.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB886185.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885884.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885836.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885835.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885250.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873339.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873333.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB867282.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\jautoexp.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iis6.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hphmdl11.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hpfsched.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dla.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\corelpf.lrs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\comsetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\cmsetacl.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ALSndMgr.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\002120_.tmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\_default.pif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\SiSSetup1.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\SiSSetup.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\Symantec AntiVirus\DefWatch.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\iTunesSetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Install_AIM.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\GoogleToolbarInstaller.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\tempdiff.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\ml2.srt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\ml1.srt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\DeadAIM.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wmsetup.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\prcp.nls:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\a234.tbl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\a15.tbl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\setupapi.log.1.old:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB896428.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB896422.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB896358.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB893066.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB890046.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB883939.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\DirectX.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\Owner\ntuser.ini:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oemlogo.bmp:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oeminfo.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\nvqtwk.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\nvcpl.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcp61.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LCodcCMP.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\hccutils.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\fxssend.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\nv_agp.SYS:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\Dot4usb.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\Dot4scan.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\NCUNINST.EXe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Desktop\HP Memories Disc.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk:KAVICHS
< End of report >


OTL Extras logfile created on: 11/4/2009 9:41:13 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.52 Mb Total Physical Memory | 97.91 Mb Available Physical Memory | 19.18% Memory free
1.22 Gb Paging File | 0.68 Gb Available in Paging File | 56.12% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.50 Gb Total Space | 52.31 Gb Free Space | 75.27% Space Free | Partition Type: NTFS
Drive D: | 5.02 Gb Total Space | 0.98 Gb Free Space | 19.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 38.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GJC136
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1150114990\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1150114990\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AOL\1150114990\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1150114990\EE\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1150114990\EE\aim6.exe" = C:\Program Files\Common Files\AOL\1150114990\EE\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F8F3415-CB0A-49A6-A23A-D8390444B127}" = DeadAIM
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = DLA
"{1EEE2A9F-6471-42fa-8923-E8879168CE26}" = HP Photo and Imaging 1.1 - Photosmart Cameras
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Productivity Pack
"{314E509B-5C5D-46C8-AE52-46DC7D0A63B6}" = Microsoft Office Excel 2003 Step by Step
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7BBE7E62-9659-436F-85C4-E61EB4A061FA}" = ConceptDraw VI Professional Trial
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 845G Chipset Graphics Driver Software
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7A4D9BE-D989-45B9-BB49-2C0EA34B9991}" = Kublox
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ArcSoft ShowBiz" = ArcSoft ShowBiz
"ArcSoft Software Suite" = ArcSoft Software Suite
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CSCLIB" = Canon Camera Support Core Library
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"EOS Utility" = Canon Utilities EOS Utility
"HijackThis" = HijackThis 2.0.2
"HP Instant Support" = hp instant support
"HP PSC 2170 Series" = HP Photo and Imaging 2.0 - hp psc 2170 series
"HPTOOLKIT" = hp toolkit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"InstallShield_{314E509B-5C5D-46C8-AE52-46DC7D0A63B6}" = Microsoft Office Excel 2003 Step by Step
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maxim Goes To College" = Maxim Goes To College Screen Saver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MSN Music Assistant" = MSN Music Assistant
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Panda ActiveScan" = Panda ActiveScan
"PCDoctor" = PC-Doctor for Windows
"PhotoStitch" = Canon Utilities PhotoStitch
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"ViewpointMediaPlayer" = Viewpoint Media Player
"Webshots Desktop" = Webshots Desktop
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WordPerfect Productivity Pack" = WordPerfect Productivity Pack
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3615762775-810355832-1822439336-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2009 10:01:55 AM | Computer Name = GJC136 | Source = ESENT | ID = 489
Description = wuauclt (2084) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/23/2009 10:01:55 AM | Computer Name = GJC136 | Source = ESENT | ID = 455
Description = wuaueng.dll (2084) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 9/23/2009 10:02:05 AM | Computer Name = GJC136 | Source = ESENT | ID = 489
Description = wuauclt (2084) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 9/23/2009 10:02:05 AM | Computer Name = GJC136 | Source = ESENT | ID = 455
Description = wuaueng.dll (2084) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 10/15/2009 6:01:07 PM | Computer Name = GJC136 | Source = Application Hang | ID = 1002
Description = Hanging application LinksysAdvisor.exe, version 3.1.2.208, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2009 9:39:50 AM | Computer Name = GJC136 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.IRCBot in File: C:\Documents and Settings\Owner\Desktop\setup(2).exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 11/4/2009 9:39:50 AM | Computer Name = GJC136 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.IRCBot in File: C:\Documents and Settings\Owner\Desktop\setup(3).exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 11/4/2009 10:17:29 AM | Computer Name = GJC136 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.IRCBot in File: C:\Recycler\S-1-5-21-3615762775-810355832-1822439336-1003\Dc2164.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 11/4/2009 10:20:45 AM | Computer Name = GJC136 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\WINDOWS\system32\uhf270.tmp.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/4/2009 10:23:01 AM | Computer Name = GJC136 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: C:\Documents and Settings\Owner\Local
Settings\Temp\uhf270.tmp.exe by: Auto-Protect scan. Action: Quarantine succeeded
: Access denied. Action Description: The file was quarantined successfully.

[ System Events ]
Error - 11/1/2009 11:31:41 AM | Computer Name = GJC136 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/1/2009 11:31:41 AM | Computer Name = GJC136 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 11/1/2009 11:53:02 AM | Computer Name = GJC136 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/1/2009 11:53:02 AM | Computer Name = GJC136 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/1/2009 12:07:42 PM | Computer Name = GJC136 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/1/2009 12:07:42 PM | Computer Name = GJC136 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 11/1/2009 12:37:42 PM | Computer Name = GJC136 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/1/2009 12:37:42 PM | Computer Name = GJC136 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 60 minutes. NtpClient has no source of accurate
time.

Error - 11/1/2009 12:54:38 PM | Computer Name = GJC136 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/1/2009 12:54:38 PM | Computer Name = GJC136 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >


Malwarebytes' Anti-Malware 1.41
Database version: 3098
Windows 5.1.2600 Service Pack 3

11/4/2009 9:29:00 AM
mbam-log-2009-11-04 (09-29-00).txt

Scan type: Quick Scan
Objects scanned: 105423
Time elapsed: 11 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BlockWatcher (Rogue.BlockWatcher) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Recycler\S-1-5-21-3615762775-810355832-1822439336-1003\Dc2164.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhf270.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\uhf270.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#4 Buckeye_Sam

    Malware Expert


Posted 04 November 2009 - 06:29 PM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [39 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
    [2009/12/28 08:09:32 | 00,005,051 | ---- | C] () -- C:\WINDOWS\System32\3e54s9ywzre344.bin
    [2009/12/27 01:18:44 | 00,012,220 | ---- | C] () -- C:\WINDOWS\z943t5reat1965.exe
    [2009/12/23 22:59:02 | 00,015,843 | ---- | C] () -- C:\WINDOWS\System32\aafth9e5z33.bin
    [2009/12/23 07:44:38 | 00,004,218 | ---- | C] () -- C:\WINDOWS\21054hac9tooz375.dll
    [2009/12/21 20:37:23 | 00,016,222 | ---- | C] () -- C:\WINDOWS\15e4s9arse23z2.dll
    [2009/12/21 10:52:08 | 00,007,203 | ---- | C] () -- C:\WINDOWS\6558szam5ot3c99.bin
    [2009/12/17 12:24:26 | 00,014,478 | ---- | C] () -- C:\WINDOWS\28212tr95z55.bin
    [2009/12/16 07:05:53 | 00,012,821 | ---- | C] () -- C:\WINDOWS\System32\2a8zdownl9ader1659.ocx
    [2009/12/15 11:21:21 | 00,010,303 | ---- | C] () -- C:\WINDOWS\32086nzt-a-virus75e9.cpl
    [2009/12/13 18:53:19 | 00,017,365 | ---- | C] () -- C:\WINDOWS\System32\5091zspy34d.cpl
    [2009/12/13 18:37:55 | 00,003,699 | ---- | C] () -- C:\WINDOWS\System32\9057virusz335.dll
    [2009/12/11 01:08:39 | 00,007,177 | ---- | C] () -- C:\WINDOWS\System32\92023spy75az.ocx
    [2009/12/10 12:33:26 | 00,017,977 | ---- | C] () -- C:\WINDOWS\71dzthi5f9016.exe
    [2009/12/10 06:52:36 | 00,007,956 | ---- | C] () -- C:\WINDOWS\System32\233s952f7z.dll
    [2009/12/09 10:50:52 | 00,010,212 | ---- | C] () -- C:\WINDOWS\499cstea5317z.exe
    [2009/12/09 03:35:04 | 00,016,217 | ---- | C] () -- C:\WINDOWS\2e515hzeat30999.exe
    [2009/12/08 18:49:32 | 00,013,561 | ---- | C] () -- C:\WINDOWS\29504spazbo97e15.ocx
    [2009/12/08 18:04:16 | 00,004,689 | ---- | C] () -- C:\WINDOWS\1ebspzrse58659.dll
    [2009/12/07 23:46:03 | 00,017,841 | ---- | C] () -- C:\WINDOWS\System32\5z329ownloader1321.bin
    [2009/12/06 09:48:46 | 00,005,214 | ---- | C] () -- C:\WINDOWS\c0zs59al1166.ocx
    [2009/12/04 02:02:49 | 00,010,815 | ---- | C] () -- C:\WINDOWS\27554spaz9ot4df.exe
    [2009/12/03 07:15:49 | 00,007,327 | ---- | C] () -- C:\WINDOWS\System32\355aspywaze969.cpl
    [2009/12/02 19:39:24 | 00,014,363 | ---- | C] () -- C:\WINDOWS\97582spzmbo59.exe
    [2009/12/02 09:52:12 | 00,011,895 | ---- | C] () -- C:\WINDOWS\System32\78a3zddware11599.ocx
    [2009/11/28 17:50:02 | 00,003,894 | ---- | C] () -- C:\WINDOWS\14f95ownloadzr1690.dll
    [2009/11/26 17:14:59 | 00,014,289 | ---- | C] () -- C:\WINDOWS\339z5orme99.dll
    [2009/11/23 04:38:34 | 00,003,214 | ---- | C] () -- C:\WINDOWS\4f93bzckdoo52929.bin
    [2009/11/22 12:54:14 | 00,017,774 | ---- | C] () -- C:\WINDOWS\15994vizus55e.exe
    [2009/11/22 09:15:03 | 00,003,924 | ---- | C] () -- C:\WINDOWS\8z035ir9s2cc.exe
    [2009/11/21 11:29:42 | 00,008,660 | ---- | C] () -- C:\WINDOWS\System32\15505nzt-a-vi9u5432.ocx
    [2009/11/20 05:03:32 | 00,016,825 | ---- | C] () -- C:\WINDOWS\System32\cf35z92313.exe
    [2009/11/19 18:52:01 | 00,006,277 | ---- | C] () -- C:\WINDOWS\63zasparse19685.dll
    [2009/11/19 14:58:56 | 00,016,826 | ---- | C] () -- C:\WINDOWS\System32\z168a95ware654.bin
    [2009/11/17 17:57:13 | 00,017,065 | ---- | C] () -- C:\WINDOWS\System32\53f7sparse9325z.dll
    [2009/11/15 05:05:06 | 00,008,019 | ---- | C] () -- C:\WINDOWS\System32\5e2ezac9door444.bin
    [2009/11/14 03:51:48 | 00,003,097 | ---- | C] () -- C:\WINDOWS\539bspyzare801.dll
    [2009/11/12 16:19:55 | 00,012,890 | ---- | C] () -- C:\WINDOWS\System32\z95ds9y5are3103.cpl
    [2009/11/12 01:59:05 | 00,012,358 | ---- | C] () -- C:\WINDOWS\System32\25637not-9-vi5zs267.ocx
    [2009/11/11 13:53:25 | 00,016,230 | ---- | C] () -- C:\WINDOWS\3z57spa9se548.exe
    [2009/11/11 05:06:13 | 00,017,436 | ---- | C] () -- C:\WINDOWS\5zafspyw5re9535.cpl
    [2009/11/09 17:23:45 | 00,004,313 | ---- | C] () -- C:\WINDOWS\3070z9d5are727.dll
    [2009/11/09 05:23:49 | 00,018,391 | ---- | C] () -- C:\WINDOWS\5a9bv9r582z.ocx
    [2009/11/09 04:51:43 | 00,008,983 | ---- | C] () -- C:\WINDOWS\System32\1b99downl5ader2z19.bin
    [2009/11/07 03:14:28 | 00,009,261 | ---- | C] () -- C:\WINDOWS\System32\4d0zdown5oader9689.bin
    [2009/11/06 11:31:55 | 00,017,064 | ---- | C] () -- C:\WINDOWS\532zdownload5r2619.ocx
    [2009/11/05 21:34:40 | 00,008,929 | ---- | C] () -- C:\WINDOWS\z4a8spywa9e1527.ocx
    [2009/11/04 17:10:41 | 00,007,776 | ---- | C] () -- C:\WINDOWS\295addware198z.ocx
    [2009/11/02 18:03:28 | 00,013,388 | ---- | C] () -- C:\WINDOWS\95b5thief1z03.exe
    [2009/11/01 17:08:04 | 00,005,692 | ---- | C] () -- C:\WINDOWS\57dcste5lz993.ocx
    [2009/11/01 14:46:42 | 00,017,225 | ---- | C] () -- C:\WINDOWS\537steal3z985.cpl
    [2009/10/30 21:10:57 | 00,016,551 | ---- | C] () -- C:\WINDOWS\System32\5b9ast5az70.ocx
    [2009/10/30 21:10:57 | 00,006,924 | ---- | C] () -- C:\WINDOWS\3ez9v591179.dll
    [2009/10/30 21:10:55 | 00,018,271 | ---- | C] () -- C:\WINDOWS\System32\3894vir21z65.cpl
    [2009/10/30 21:10:55 | 00,012,457 | ---- | C] () -- C:\WINDOWS\System32\4ba8bac5dz9r1314.exe
    [2009/10/30 21:10:55 | 00,011,642 | ---- | C] () -- C:\WINDOWS\50589ackdooz2592.dll
    [2009/10/30 21:10:53 | 00,012,916 | ---- | C] () -- C:\WINDOWS\System32\93436spy415z.dll
    [2009/10/30 21:10:53 | 00,010,918 | ---- | C] () -- C:\WINDOWS\3c99zackdo5r1804.dll
    [2009/10/30 21:10:53 | 00,008,682 | ---- | C] () -- C:\WINDOWS\System32\49dcspyware93z5.exe
    [2009/10/30 21:10:53 | 00,003,326 | ---- | C] () -- C:\WINDOWS\62eb5p9rse261z.dll
    [2009/10/30 21:10:53 | 00,002,561 | ---- | C] () -- C:\WINDOWS\System32\4084sp9wzr52794.bin
    [2009/10/30 21:10:52 | 00,009,899 | ---- | C] () -- C:\WINDOWS\System32\2c86sp95sez789.exe
    [2009/10/30 21:10:50 | 00,014,869 | ---- | C] () -- C:\WINDOWS\System32\6eecdownloade91z59.cpl
    [2009/10/30 21:10:50 | 00,009,994 | ---- | C] () -- C:\WINDOWS\System32\28837n9t-a-v5zus6a2.bin
    [2009/10/30 21:10:50 | 00,007,536 | ---- | C] () -- C:\WINDOWS\System32\5bcbackdooz496.cpl
    [2009/10/30 21:10:50 | 00,007,035 | ---- | C] () -- C:\WINDOWS\7f8z9p5ware14.exe
    [2009/10/30 21:10:50 | 00,004,727 | ---- | C] () -- C:\WINDOWS\15999szy59.dll
    [2009/10/30 21:10:50 | 00,004,595 | ---- | C] () -- C:\WINDOWS\592zsparse9628.dll
    [2009/10/30 21:10:50 | 00,003,182 | ---- | C] () -- C:\WINDOWS\System32\zcb195arse1187.ocx
    [2009/10/30 21:10:50 | 00,003,065 | ---- | C] () -- C:\WINDOWS\z340addwa9e3075.exe
    [2009/10/30 21:10:49 | 00,011,681 | ---- | C] () -- C:\WINDOWS\4dc99hreatz959.ocx
    [2009/10/30 21:10:47 | 00,013,199 | ---- | C] () -- C:\WINDOWS\54510tr9z99.ocx
    [2009/10/30 21:10:47 | 00,013,131 | ---- | C] () -- C:\WINDOWS\4087sz5r9e2091.exe
    [2009/10/30 21:10:46 | 00,014,038 | ---- | C] () -- C:\WINDOWS\94759zroj5f5.exe
    [2009/10/30 21:10:46 | 00,012,701 | ---- | C] () -- C:\WINDOWS\9688worz2955.dll
    [2009/10/30 21:10:46 | 00,010,738 | ---- | C] () -- C:\WINDOWS\System32\6945viru514z.bin
    [2009/10/30 21:10:46 | 00,009,666 | ---- | C] () -- C:\WINDOWS\System32\4b92backdoor5z27.bin
    [2009/10/30 21:10:46 | 00,008,311 | ---- | C] () -- C:\WINDOWS\2a95s95zare2058.ocx
    [2009/10/30 21:10:45 | 00,011,252 | ---- | C] () -- C:\WINDOWS\System32\2c89tzi5f692.cpl
    [2009/10/30 21:10:45 | 00,009,601 | ---- | C] () -- C:\WINDOWS\System32\75c1addw9ze1810.cpl
    [2009/10/30 21:10:45 | 00,008,072 | ---- | C] () -- C:\WINDOWS\8735s5z7a9.exe
    [2009/10/30 21:10:45 | 00,005,314 | ---- | C] () -- C:\WINDOWS\System32\1z95parse29919.dll
    [2009/10/30 21:10:45 | 00,002,867 | ---- | C] () -- C:\WINDOWS\System32\1bz1b9ckdoor657.exe
    [2009/10/30 21:10:44 | 00,016,060 | ---- | C] () -- C:\WINDOWS\2052spamzot9a15.ocx
    [2009/10/30 21:10:43 | 00,017,571 | ---- | C] () -- C:\WINDOWS\z9776viru5198.ocx
    [2009/10/30 21:10:43 | 00,016,314 | ---- | C] () -- C:\WINDOWS\102eadzw5re799.ocx
    [2009/10/30 21:10:43 | 00,015,336 | ---- | C] () -- C:\WINDOWS\259bs5arse1z48.ocx
    [2009/10/30 21:10:43 | 00,013,963 | ---- | C] () -- C:\WINDOWS\System32\z848download952550.cpl
    [2009/10/30 21:10:43 | 00,012,344 | ---- | C] () -- C:\WINDOWS\597avzr460.cpl
    [2009/10/30 21:10:43 | 00,003,803 | ---- | C] () -- C:\WINDOWS\5371t5rzat271139.ocx
    [2009/10/30 21:10:43 | 00,003,415 | ---- | C] () -- C:\WINDOWS\9f3downloader91z5.ocx
    [2009/10/30 21:10:43 | 00,002,950 | ---- | C] () -- C:\WINDOWS\2z1cspars928245.dll
    [2009/10/30 21:10:42 | 00,013,855 | ---- | C] () -- C:\WINDOWS\System32\96742spam5ot4eaz.dll
    [2009/10/30 21:10:42 | 00,013,676 | ---- | C] () -- C:\WINDOWS\System32\zebdv5r1659.dll
    [2009/10/30 21:10:42 | 00,013,274 | ---- | C] () -- C:\WINDOWS\System32\5e49v5z3232.exe
    [2009/10/30 21:10:42 | 00,012,274 | ---- | C] () -- C:\WINDOWS\7ca15tezl949.dll
    [2009/10/30 21:10:42 | 00,011,169 | ---- | C] () -- C:\WINDOWS\System32\721b5tezl291.cpl
    [2009/10/30 21:10:42 | 00,010,819 | ---- | C] () -- C:\WINDOWS\21915spambz5539.exe
    [2009/10/30 21:10:42 | 00,010,728 | ---- | C] () -- C:\WINDOWS\System32\18e45own9oadez185.dll
    [2009/10/30 21:10:42 | 00,010,622 | ---- | C] () -- C:\WINDOWS\System32\14dcback9oo5748z.ocx
    [2009/10/30 21:10:42 | 00,009,401 | ---- | C] () -- C:\WINDOWS\System32\5515ztroj1b9.dll
    [2009/10/30 21:10:42 | 00,009,369 | ---- | C] () -- C:\WINDOWS\System32\5429spyw9ze2265.dll
    [2009/10/30 21:10:42 | 00,008,151 | ---- | C] () -- C:\WINDOWS\771095rz35c.ocx
    [2009/10/30 21:10:42 | 00,007,971 | ---- | C] () -- C:\WINDOWS\System32\23908hacztoo5119.dll
    [2009/10/30 21:10:42 | 00,006,900 | ---- | C] () -- C:\WINDOWS\39zathre5t97679.exe
    [2009/10/30 21:10:42 | 00,006,246 | ---- | C] () -- C:\WINDOWS\System32\4260t5zj5e59.dll
    [2009/10/30 21:10:42 | 00,004,221 | ---- | C] () -- C:\WINDOWS\System32\6960t5zeat99094.dll
    [2009/10/30 21:10:42 | 00,002,517 | ---- | C] () -- C:\WINDOWS\System32\1z75v9r1678.cpl
    [2009/10/30 21:10:41 | 00,018,098 | ---- | C] () -- C:\WINDOWS\21165s5z1b19.bin
    [2009/10/30 21:10:41 | 00,017,844 | ---- | C] () -- C:\WINDOWS\62025roj39z.bin
    [2009/10/30 21:10:41 | 00,017,800 | ---- | C] () -- C:\WINDOWS\z4505ot-a-viru9442.exe
    [2009/10/30 21:10:41 | 00,016,839 | ---- | C] () -- C:\WINDOWS\System32\9956viruz653.bin
    [2009/10/30 21:10:41 | 00,015,575 | ---- | C] () -- C:\WINDOWS\12593nzt-9-virus170.dll
    [2009/10/30 21:10:41 | 00,013,988 | ---- | C] () -- C:\WINDOWS\cz7backd9or4275.exe
    [2009/10/30 21:10:41 | 00,013,783 | ---- | C] () -- C:\WINDOWS\System32\1b5zspyware29009.cpl
    [2009/10/30 21:10:41 | 00,013,567 | ---- | C] () -- C:\WINDOWS\System32\1953stezl19215.cpl
    [2009/10/30 21:10:41 | 00,010,319 | ---- | C] () -- C:\WINDOWS\5459addware1920z.cpl
    [2009/10/30 21:10:41 | 00,008,131 | ---- | C] () -- C:\WINDOWS\System32\32240tzoj3159.exe
    [2009/10/30 21:10:41 | 00,004,464 | ---- | C] () -- C:\WINDOWS\9c58vir63z.ocx
    [2009/10/30 21:10:40 | 00,017,827 | ---- | C] () -- C:\WINDOWS\37375orm9z0.exe
    [2009/10/30 21:10:40 | 00,017,065 | ---- | C] () -- C:\WINDOWS\System32\36z09pyware2952.ocx
    [2009/10/30 21:10:40 | 00,015,543 | ---- | C] () -- C:\WINDOWS\System32\21759zroj98.cpl
    [2009/10/30 21:10:40 | 00,014,633 | ---- | C] () -- C:\WINDOWS\90259zrus452.dll
    [2009/10/30 21:10:40 | 00,012,112 | ---- | C] () -- C:\WINDOWS\53414not9a-virus5b0z.bin
    [2009/10/30 21:10:40 | 00,011,989 | ---- | C] () -- C:\WINDOWS\System32\5c599irz278.exe
    [2009/10/30 21:10:40 | 00,011,622 | ---- | C] () -- C:\WINDOWS\1f3b9hrz5t20543.bin
    [2009/10/30 21:10:40 | 00,011,051 | ---- | C] () -- C:\WINDOWS\55999orz353.dll
    [2009/10/30 21:10:40 | 00,008,309 | ---- | C] () -- C:\WINDOWS\System32\5659thre5t1z419.bin
    [2009/10/30 21:10:40 | 00,007,549 | ---- | C] () -- C:\WINDOWS\System32\6c29st5al2586z.dll
    [2009/10/30 21:10:40 | 00,006,890 | ---- | C] () -- C:\WINDOWS\99efdow5lzader2959.bin
    [2009/10/30 21:10:40 | 00,006,844 | ---- | C] () -- C:\WINDOWS\System32\59193trojz9a.cpl
    [2009/10/30 21:10:40 | 00,005,136 | ---- | C] () -- C:\WINDOWS\1z898w9r5146.bin
    [2009/10/30 21:10:40 | 00,003,555 | ---- | C] () -- C:\WINDOWS\System32\z095worm32d9.bin
    [2009/10/30 21:10:39 | 00,017,829 | ---- | C] () -- C:\WINDOWS\System32\55zethre9t5067.ocx
    [2009/10/30 21:10:39 | 00,013,709 | ---- | C] () -- C:\WINDOWS\8b9d9wnlzader8975.cpl
    [2009/10/30 21:10:39 | 00,012,233 | ---- | C] () -- C:\WINDOWS\795backd5or1333z.cpl
    [2009/10/30 21:10:39 | 00,008,823 | ---- | C] () -- C:\WINDOWS\22129nzt-a-vir5s5b9.dll
    [2009/10/30 21:10:39 | 00,002,745 | ---- | C] () -- C:\WINDOWS\System32\166athzef1592.ocx
    [2009/10/30 21:10:38 | 00,015,945 | ---- | C] () -- C:\WINDOWS\77zfsteal1957.cpl
    [2009/10/30 21:10:38 | 00,014,583 | ---- | C] () -- C:\WINDOWS\System32\19291zot-a-virus5be.dll
    [2009/10/30 21:10:38 | 00,008,605 | ---- | C] () -- C:\WINDOWS\2zb9sparse9550.dll
    [2009/10/30 21:10:38 | 00,002,819 | ---- | C] () -- C:\WINDOWS\5450v9z1049.dll
    [2009/10/30 21:10:38 | 00,002,708 | ---- | C] () -- C:\WINDOWS\28855t5o974z.dll
    [2009/10/30 21:10:37 | 00,014,093 | ---- | C] () -- C:\WINDOWS\70dzth9eat25199.dll
    [2009/10/30 21:10:37 | 00,007,122 | ---- | C] () -- C:\WINDOWS\System32\5654ste5lz197.ocx
    [2009/10/30 21:10:37 | 00,006,491 | ---- | C] () -- C:\WINDOWS\6c9azpyware517.dll
    [2009/10/30 21:10:37 | 00,004,047 | ---- | C] () -- C:\WINDOWS\44bfspy5are988z.ocx
    [2009/10/30 21:10:36 | 00,016,950 | ---- | C] () -- C:\WINDOWS\System32\321fsz9w5re681.bin
    [2009/10/30 21:10:36 | 00,016,495 | ---- | C] () -- C:\WINDOWS\5ec8downzo5der908.bin
    [2009/10/30 21:10:36 | 00,012,696 | ---- | C] () -- C:\WINDOWS\System32\29032ha5ktzol8f.cpl
    [2009/10/30 21:10:36 | 00,011,784 | ---- | C] () -- C:\WINDOWS\6714s5yzare9895.ocx
    [2009/10/30 21:10:36 | 00,011,518 | ---- | C] () -- C:\WINDOWS\2985hacktool60z.cpl
    [2009/10/30 21:10:36 | 00,010,887 | ---- | C] () -- C:\WINDOWS\System32\13939sp5mbotza4.bin
    [2009/10/30 21:10:36 | 00,010,430 | ---- | C] () -- C:\WINDOWS\6220haz9too5752.dll
    [2009/10/30 21:10:36 | 00,006,749 | ---- | C] () -- C:\WINDOWS\System32\15110s9y7dz.bin
    [2009/10/30 21:10:36 | 00,005,306 | ---- | C] () -- C:\WINDOWS\System32\90z53hacktool69d.dll
    [2009/10/30 21:10:35 | 00,017,894 | ---- | C] () -- C:\WINDOWS\System32\6beesteal3z95.dll
    [2009/10/30 21:10:35 | 00,012,434 | ---- | C] () -- C:\WINDOWS\System32\f1zhr9at14152.bin
    [2009/10/30 21:10:35 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\5195viz52.dll
    [2009/10/30 21:10:35 | 00,009,418 | ---- | C] () -- C:\WINDOWS\System32\4071h5ckt9ozef.ocx
    [2009/10/30 21:10:35 | 00,008,940 | ---- | C] () -- C:\WINDOWS\49255ir108z.ocx
    [2009/10/30 21:10:35 | 00,008,714 | ---- | C] () -- C:\WINDOWS\369zno9-a-v5rus582.dll
    [2009/10/30 21:10:35 | 00,007,963 | ---- | C] () -- C:\WINDOWS\System32\29a9steal315z5.exe
    [2009/10/30 21:10:35 | 00,007,878 | ---- | C] () -- C:\WINDOWS\99cfthi5fz125.dll
    [2009/10/30 21:10:35 | 00,003,414 | ---- | C] () -- C:\WINDOWS\System32\735znot-a-v5ru9e5.dll
    [2009/10/30 21:10:33 | 00,018,312 | ---- | C] () -- C:\WINDOWS\24z7t59ef2751.ocx
    [2009/10/30 21:10:32 | 00,017,537 | ---- | C] () -- C:\WINDOWS\System32\5c889teaz2325.cpl
    [2009/10/30 21:10:32 | 00,011,018 | ---- | C] () -- C:\WINDOWS\7575worz5d49.ocx
    [2009/10/30 21:10:32 | 00,010,123 | ---- | C] () -- C:\WINDOWS\System32\196709ackt5zl456.exe
    [2009/10/30 21:10:32 | 00,008,828 | ---- | C] () -- C:\WINDOWS\9973w9rm35z.ocx
    [2009/10/30 21:10:32 | 00,008,407 | ---- | C] () -- C:\WINDOWS\System32\5049stzal1097.bin
    [2009/10/30 21:10:32 | 00,007,322 | ---- | C] () -- C:\WINDOWS\2efbackd5oz9215.dll
    [2009/10/27 15:29:44 | 00,007,958 | ---- | C] () -- C:\WINDOWS\7571sp59arz398.dll
    [2009/10/27 00:21:59 | 00,003,373 | ---- | C] () -- C:\WINDOWS\z500w59m5dc.ocx
    [2009/10/26 21:53:06 | 00,012,731 | ---- | C] () -- C:\WINDOWS\33b5downlzader1499.bin
    [2009/10/26 15:51:50 | 00,014,991 | ---- | C] () -- C:\WINDOWS\293fthi5f39z.exe
    [2009/10/23 15:33:56 | 00,013,737 | ---- | C] () -- C:\WINDOWS\System32\40a59pyzare527.ocx
    [2009/10/23 12:12:22 | 00,013,109 | ---- | C] () -- C:\WINDOWS\System32\7ef49own5oader125z.cpl
    [2009/10/23 00:52:24 | 00,006,155 | ---- | C] () -- C:\WINDOWS\19700virz54379.exe
    [2009/10/09 03:01:04 | 00,002,788 | ---- | C] () -- C:\WINDOWS\14719sp51c8z.dll
    [2009/10/08 02:02:30 | 00,002,630 | ---- | C] () -- C:\WINDOWS\System32\z5891sp55ac.dll
    [2009/09/13 18:31:40 | 00,015,174 | ---- | C] () -- C:\WINDOWS\4533szars91420.dll
    [2009/09/07 15:11:18 | 00,017,413 | ---- | C] () -- C:\WINDOWS\System32\53329iru57az.dll
    [2009/09/07 09:54:30 | 00,010,605 | ---- | C] () -- C:\WINDOWS\System32\15753zp536e9.dll
    [2009/09/04 08:55:11 | 00,010,073 | ---- | C] () -- C:\WINDOWS\52674wormz2d9.dll
    [2009/08/31 21:48:10 | 00,018,309 | ---- | C] () -- C:\WINDOWS\75c8stea9z15.dll
    [2009/08/23 16:22:01 | 00,008,977 | ---- | C] () -- C:\WINDOWS\56c5addware9z1.dll
    [2009/08/22 00:50:35 | 00,017,380 | ---- | C] () -- C:\WINDOWS\System32\8259t5oj2z8.dll
    [2009/08/21 23:02:35 | 00,009,274 | ---- | C] () -- C:\WINDOWS\25089zrus359.dll
    [2009/08/21 09:10:58 | 00,012,468 | ---- | C] () -- C:\WINDOWS\System32\61z39ir2805.dll
    [2009/08/16 18:31:50 | 00,012,609 | ---- | C] () -- C:\WINDOWS\System32\2z158h5cktoo9265.dll
    [2009/08/15 03:08:32 | 00,002,877 | ---- | C] () -- C:\WINDOWS\7290w5rm79z.dll
    [2009/08/08 07:48:40 | 00,014,925 | ---- | C] () -- C:\WINDOWS\System32\48e0addwarz5039.dll
    [2009/08/07 00:29:21 | 00,013,014 | ---- | C] () -- C:\WINDOWS\z79dstea52963.dll
    [2009/08/05 03:54:40 | 00,017,246 | ---- | C] () -- C:\WINDOWS\System32\1f66zpy9a5e2073.dll
    [2009/08/03 06:10:11 | 00,012,103 | ---- | C] () -- C:\WINDOWS\System32\3331v59us34bz.dll
    [2009/07/20 02:43:32 | 00,007,394 | ---- | C] () -- C:\WINDOWS\z8057spy559.dll
    [2009/07/14 09:37:26 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\41b6backdzo91075.dll
    [2009/07/11 19:30:26 | 00,016,163 | ---- | C] () -- C:\WINDOWS\System32\39z9threat70785.dll
    [2009/07/09 11:55:51 | 00,013,488 | ---- | C] () -- C:\WINDOWS\System32\61bzspywar5196.dll
    [2009/07/05 23:46:00 | 00,015,889 | ---- | C] () -- C:\WINDOWS\5z59viru5299.dll
    [2009/06/26 23:41:59 | 00,015,531 | ---- | C] () -- C:\WINDOWS\System32\4895stezl2699.dll
    [2009/06/23 13:13:01 | 00,002,649 | ---- | C] () -- C:\WINDOWS\z62espy5ar93192.dll
    [2009/06/19 02:08:12 | 00,017,333 | ---- | C] () -- C:\WINDOWS\51bz9teal220.dll
    [2009/06/17 22:17:46 | 00,015,647 | ---- | C] () -- C:\WINDOWS\System32\66czs95al2774.dll
    [2009/06/17 01:36:50 | 00,015,981 | ---- | C] () -- C:\WINDOWS\581zbackd5o92362.dll
    [2009/06/16 16:52:28 | 00,008,621 | ---- | C] () -- C:\WINDOWS\5e53th9eat2372z.dll
    [2009/06/13 14:12:39 | 00,017,661 | ---- | C] () -- C:\WINDOWS\System32\39845spy5z9.dll
    [2009/06/05 09:48:50 | 00,011,599 | ---- | C] () -- C:\WINDOWS\System32\5a79backdoor3z875.dll
    [2009/06/04 08:55:56 | 00,015,891 | ---- | C] () -- C:\WINDOWS\System32\1791z9roj5d.dll
    [2009/06/02 05:58:11 | 00,009,157 | ---- | C] () -- C:\WINDOWS\System32\281z7w9rm59a.dll
    [2009/05/27 11:06:34 | 00,017,473 | ---- | C] () -- C:\WINDOWS\System32\779zn95-a-virus2fc.dll
    [2009/05/17 01:50:26 | 00,004,454 | ---- | C] () -- C:\WINDOWS\System32\47ffd9wnlo5dzr545.dll
    [2009/05/14 15:05:02 | 00,016,924 | ---- | C] () -- C:\WINDOWS\System32\15ffzow9load5r931.dll
    [2009/04/13 04:34:11 | 00,012,215 | ---- | C] () -- C:\WINDOWS\24209wo5z710.dll
    [2009/04/12 05:35:40 | 00,017,818 | ---- | C] () -- C:\WINDOWS\System32\19545pywarz2411.dll
    [2009/04/04 16:50:35 | 00,011,848 | ---- | C] () -- C:\WINDOWS\System32\71f1ba9zdoor1005.dll
    [2009/03/10 02:06:08 | 00,007,924 | ---- | C] () -- C:\WINDOWS\System32\75c5addware27z29.dll
    [2009/03/07 18:56:28 | 00,008,961 | ---- | C] () -- C:\WINDOWS\95724spambozfa.dll
    [2009/03/04 05:20:31 | 00,014,440 | ---- | C] () -- C:\WINDOWS\System32\59efszarse1388.dll
    [2009/03/02 23:42:18 | 00,011,320 | ---- | C] () -- C:\WINDOWS\System32\5566thr9at1195z.dll
    [2009/03/02 02:53:03 | 00,006,523 | ---- | C] () -- C:\WINDOWS\54460wzrm18f9.dll
    [2009/02/24 04:49:59 | 00,006,771 | ---- | C] () -- C:\WINDOWS\System32\2497dowz5oader2297.dll
    [2009/02/11 05:00:15 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\38vir297z5.dll
    [2009/01/17 17:50:28 | 00,008,909 | ---- | C] () -- C:\WINDOWS\299275acktool260z.dll
    [2009/01/16 14:20:16 | 00,014,112 | ---- | C] () -- C:\WINDOWS\26574viruzd9.dll
    [2009/01/08 15:14:47 | 00,005,881 | ---- | C] () -- C:\WINDOWS\349zaddwar917195.dll
    [2009/01/06 09:04:03 | 00,010,735 | ---- | C] () -- C:\WINDOWS\7665hackzo5l6559.dll
    [2009/01/05 20:27:38 | 00,005,478 | ---- | C] () -- C:\WINDOWS\System32\651cvir1z609.dll
    [2009/01/05 04:18:47 | 00,008,477 | ---- | C] () -- C:\WINDOWS\25428tro95bz.dll
    [2009/01/01 00:26:21 | 00,002,648 | ---- | C] () -- C:\WINDOWS\59a8s5eal1z94.dll
    [2008/12/18 14:27:17 | 00,013,675 | ---- | C] () -- C:\WINDOWS\System32\343c5ddwa9e24z6.dll
    [2008/12/16 14:07:07 | 00,011,145 | ---- | C] () -- C:\WINDOWS\55c2addzare17985.dll
    [2008/12/11 23:26:54 | 00,004,144 | ---- | C] () -- C:\WINDOWS\255z69roj352.dll
    [2008/12/09 03:54:31 | 00,014,362 | ---- | C] () -- C:\WINDOWS\System32\925zackto9l35b.dll
    [2008/12/08 05:37:29 | 00,011,853 | ---- | C] () -- C:\WINDOWS\15403trzj49.dll
    [2008/12/03 00:14:30 | 00,006,213 | ---- | C] () -- C:\WINDOWS\4350troj5z9.dll
    [2008/11/23 16:40:07 | 00,007,363 | ---- | C] () -- C:\WINDOWS\1z9265orm5e3.dll
    [2008/11/04 19:59:47 | 00,009,017 | ---- | C] () -- C:\WINDOWS\fz9v5r697.dll
    [2008/10/27 05:53:43 | 00,011,337 | ---- | C] () -- C:\WINDOWS\System32\79dbzddware5975.dll
    [2008/10/07 01:23:57 | 00,003,127 | ---- | C] () -- C:\WINDOWS\System32\29ecaz9ware5765.dll
    [2008/10/05 07:05:42 | 00,007,768 | ---- | C] () -- C:\WINDOWS\System32\1c49sp5ware1z59.dll
    [2008/10/02 19:24:15 | 00,011,806 | ---- | C] () -- C:\WINDOWS\3339downlo5der1z94.dll
    [2008/09/15 17:02:53 | 00,015,850 | ---- | C] () -- C:\WINDOWS\System32\19847hacktoo59bdz.dll
    [2008/09/11 07:50:31 | 00,004,351 | ---- | C] () -- C:\WINDOWS\187749p575z.dll
    [2008/08/24 13:19:42 | 00,009,280 | ---- | C] () -- C:\WINDOWS\9984zr5j3b.dll
    [2008/07/24 20:44:34 | 00,011,401 | ---- | C] () -- C:\WINDOWS\306559irzs6a0.dll
    [2008/07/19 11:11:02 | 00,009,315 | ---- | C] () -- C:\WINDOWS\System32\2f0zs9eal765.dll
    [2008/07/19 01:55:13 | 00,003,978 | ---- | C] () -- C:\WINDOWS\6958spa9ze23595.dll
    [2008/07/15 23:05:33 | 00,011,541 | ---- | C] () -- C:\WINDOWS\System32\186es59al206z.dll
    [2008/07/10 10:08:20 | 00,004,991 | ---- | C] () -- C:\WINDOWS\911zdownloade51843.dll
    [2008/07/08 19:38:24 | 00,008,427 | ---- | C] () -- C:\WINDOWS\98b55pywarz230.dll
    [2008/07/06 22:25:51 | 00,003,037 | ---- | C] () -- C:\WINDOWS\System32\9755worm798z.dll
    [2008/07/05 03:14:35 | 00,017,784 | ---- | C] () -- C:\WINDOWS\594esp5rze9456.dll
    [2008/07/04 09:48:18 | 00,017,130 | ---- | C] () -- C:\WINDOWS\System32\13100w5rm719z.dll
    [2008/07/01 23:37:03 | 00,013,313 | ---- | C] () -- C:\WINDOWS\635zv9r1161.dll
    [2008/06/16 13:21:24 | 00,013,464 | ---- | C] () -- C:\WINDOWS\System32\17515zorm2c19.dll
    [2008/05/21 13:07:58 | 00,004,868 | ---- | C] () -- C:\WINDOWS\System32\3a79zhreat112245.dll
    [2008/05/19 13:12:30 | 00,005,114 | ---- | C] () -- C:\WINDOWS\184z35irus559.dll
    [2008/05/18 19:11:22 | 00,008,794 | ---- | C] () -- C:\WINDOWS\9751spy96z5.dll
    [2008/05/11 01:04:55 | 00,003,605 | ---- | C] () -- C:\WINDOWS\6e069ownloaderz50.dll
    [2008/05/09 19:14:56 | 00,008,215 | ---- | C] () -- C:\WINDOWS\5cc75zdwar923.dll
    [2008/05/01 03:39:05 | 00,015,088 | ---- | C] () -- C:\WINDOWS\902wzr51d6.dll
    [2008/04/19 08:11:08 | 00,005,326 | ---- | C] () -- C:\WINDOWS\5z799virus566.dll
    [2008/04/14 06:19:15 | 00,002,789 | ---- | C] () -- C:\WINDOWS\50779hazktool11d.dll
    [2008/03/22 19:15:45 | 00,004,084 | ---- | C] () -- C:\WINDOWS\2z4565i9us3b4.dll
    [2008/03/18 22:09:14 | 00,013,069 | ---- | C] () -- C:\WINDOWS\5z975teal2599.dll
    [2008/03/13 20:45:45 | 00,013,090 | ---- | C] () -- C:\WINDOWS\212szywa9e6535.dll
    [2008/03/13 15:10:44 | 00,009,928 | ---- | C] () -- C:\WINDOWS\System32\28756no9-a-virus3zc.dll
    [2008/03/11 03:43:00 | 00,017,385 | ---- | C] () -- C:\WINDOWS\7166zroj59a.dll
    [2008/03/07 10:57:31 | 00,010,914 | ---- | C] () -- C:\WINDOWS\System32\39c15ir316z.dll
    [2008/03/04 13:09:46 | 00,016,953 | ---- | C] () -- C:\WINDOWS\z640n5t-a-virus93d.dll
    [2008/02/27 22:39:11 | 00,006,758 | ---- | C] () -- C:\WINDOWS\25216spy95z.dll
    [2008/02/26 03:15:47 | 00,013,198 | ---- | C] () -- C:\WINDOWS\System32\38935py4z8.dll
    [2008/02/24 07:05:51 | 00,004,669 | ---- | C] () -- C:\WINDOWS\System32\6754t5rza91259.dll
    [2008/02/20 21:57:48 | 00,002,918 | ---- | C] () -- C:\WINDOWS\30605tzoj1589.dll
    [2008/02/17 15:21:48 | 00,005,221 | ---- | C] () -- C:\WINDOWS\System32\351595eal27z3.dll
    [2008/02/17 10:46:32 | 00,013,782 | ---- | C] () -- C:\WINDOWS\System32\24a3backdoorz5859.dll
    [2008/02/12 10:02:52 | 00,007,262 | ---- | C] () -- C:\WINDOWS\System32\4aecba9kdoo5115z.dll
    [2008/02/07 18:00:22 | 00,015,350 | ---- | C] () -- C:\WINDOWS\System32\z8cfspyware9935.dll
    [2008/01/16 09:03:18 | 00,003,438 | ---- | C] () -- C:\WINDOWS\System32\15725vzrusf59.dll
    [2008/01/12 06:07:04 | 00,016,336 | ---- | C] () -- C:\WINDOWS\System32\769cszeal15365.dll
    [2008/01/08 13:17:00 | 00,012,378 | ---- | C] () -- C:\WINDOWS\System32\2465baczdoor1898.dll
    [2008/01/06 07:57:54 | 00,011,773 | ---- | C] () -- C:\WINDOWS\21968not-z-v5ru9f4.dll
    [2008/01/03 22:21:16 | 00,016,987 | ---- | C] () -- C:\WINDOWS\14734noz5a-virus6329.dll
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 epm522


Posted 04 November 2009 - 07:59 PM

I ran the OTL fix you sent. When it was running 'Empty Temp' I got an error window that stated 'Range Check Error'. I closed the window and waited and nothing happened. The OTL message box said the Empty Temp was running and not to interrupt, but after 10 minutes I closed OTL and did a manual reboot. When Windows opened I got this message in a notepad:



Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I am not sure what to do now. Should I run OTL scan now?

Thanks

Ed

#6 Buckeye_Sam

Malware Expert

Posted 04 November 2009 - 08:07 PM

Yes, go ahead and run it and post the resulting log.

#7 epm522


Posted 04 November 2009 - 09:12 PM

Here is the log:

OTL logfile created on: 11/4/2009 9:03:05 PM - Run 2
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.52 Mb Total Physical Memory | 131.00 Mb Available Physical Memory | 25.66% Memory free
1.22 Gb Paging File | 0.67 Gb Available in Paging File | 54.66% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.50 Gb Total Space | 56.33 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 5.02 Gb Total Space | 0.98 Gb Free Space | 19.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 38.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GJC136
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/04 09:39:53 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/29 08:42:07 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 12:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/14 04:42:30 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 17:16:42 | 00,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/05/09 19:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1150114990\EE\aolsoftware.exe
PRC - [2006/02/23 14:45:20 | 00,278,528 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/02/23 14:45:06 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/03/30 00:35:55 | 00,040,960 | ---- | M] (Northcode Inc.) -- C:\WINDOWS\NCLAUNCH.EXe
PRC - [2004/10/18 16:42:18 | 00,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/03/12 14:18:32 | 00,124,128 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/03/12 14:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/03/12 14:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/18 12:55:28 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2003/12/22 07:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/04/06 00:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/05 23:55:04 | 00,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/05 23:45:10 | 00,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/05 23:37:10 | 00,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2003/03/09 15:31:02 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/03/09 15:30:52 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
PRC - [2002/10/06 23:23:20 | 00,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/07/16 10:03:00 | 00,106,549 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2002/05/15 05:29:02 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2002/05/15 05:20:50 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2001/08/18 07:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\calc.exe
PRC - [2001/07/06 23:56:56 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\KBD.EXE
PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/11/04 09:39:53 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/14 04:42:52 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 04:42:02 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/14 04:41:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2007/04/19 13:21:40 | 00,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2001/10/04 16:50:08 | 00,040,820 | ---- | M] (SoundMAX) -- C:\WINDOWS\system32\Syncor11.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AOL ACS)
SRV - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)
SRV - [2008/04/14 04:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/04/03 17:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/02/23 14:45:06 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/03/12 14:18:06 | 00,169,192 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 14:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 14:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/09 15:31:02 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/03 19:06:00 | 00,061,440 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 04:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091104.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/11/04 04:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091104.009\NAVENG.SYS -- (NAVENG)
DRV - [2008/04/15 03:00:00 | 00,385,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 22:05:40 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2008/04/13 21:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/22 11:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 11:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/10/03 12:21:48 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/03 12:21:46 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/03 12:21:46 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/06/12 07:24:48 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/07/04 07:52:50 | 00,018,432 | ---- | M] (First 4 Internet) -- C:\WINDOWS\System32\Drivers\$sys$cor.sys -- ($sys$cor)
DRV - [2005/07/04 05:51:37 | 00,011,904 | ---- | M] (First 4 Internet) -- C:\WINDOWS\system32\$sys$filesystem\crater.sys -- ($sys$crater)
DRV - [2005/03/07 10:52:48 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/05/13 13:50:12 | 00,015,576 | R--- | M] () -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2004/03/04 22:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 14:43:56 | 00,301,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 14:43:56 | 00,037,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/03/31 14:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/03/31 06:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2003/03/31 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/09 15:31:02 | 00,021,456 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 15:31:02 | 00,016,080 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 15:31:00 | 00,051,024 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/01/10 15:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/10/01 08:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/07/16 10:03:00 | 00,095,125 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2002/07/16 10:03:00 | 00,091,156 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2002/07/16 10:03:00 | 00,054,900 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2002/07/16 10:03:00 | 00,034,805 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2002/07/16 10:03:00 | 00,023,701 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2002/07/16 10:03:00 | 00,014,421 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2002/07/16 10:03:00 | 00,006,325 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2002/07/16 10:03:00 | 00,004,117 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2002/07/16 10:03:00 | 00,002,201 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2002/07/13 06:27:04 | 00,155,008 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2002/06/19 18:43:44 | 00,005,589 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2002/06/19 18:42:58 | 00,022,995 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2002/06/06 11:56:00 | 00,040,368 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/06/05 12:21:00 | 00,081,552 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2002/05/22 21:44:06 | 00,069,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91})
DRV - [2002/05/22 21:43:56 | 00,090,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E})
DRV - [2002/05/22 21:42:54 | 00,078,045 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2002/05/07 13:39:00 | 00,493,896 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/05/03 19:06:00 | 00,931,882 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/04/09 00:44:56 | 00,188,032 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/03/23 01:14:52 | 00,095,936 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/12/27 05:52:58 | 00,027,136 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2001/12/07 23:26:00 | 00,013,502 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/17 14:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)
DRV - [2001/08/17 13:53:32 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001/08/08 15:13:36 | 00,158,140 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 15:13:30 | 00,012,479 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 15:13:30 | 00,012,031 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 15:13:30 | 00,011,679 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 15:13:28 | 00,019,359 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 15:13:28 | 00,011,999 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 15:13:26 | 00,033,503 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 15:13:24 | 00,029,215 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 15:13:24 | 00,023,519 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 15:13:24 | 00,019,199 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/04 16:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 08:42:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 08:42:16 | 00,000,000 | ---D | M]

[2009/01/24 13:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/01/24 13:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/24 13:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\we0yh8y9.default\extensions
[2009/01/24 13:47:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 08:42:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/29 08:42:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 08:42:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/29 08:42:10 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/06/25 12:37:05 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/06/25 12:37:05 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/25 12:37:05 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/06/25 12:37:05 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/06/25 12:37:05 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/06/25 12:37:05 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/06/25 12:37:05 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (348919 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11964 more lines...
O2 - BHO: (no name) - {4dae4f67-4cc3-4bfd-be7d-dac28d822cfd} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150114990\EE\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (America Online, Inc.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe (Northcode Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1238116034421 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax3913.cab (MsnMusicAx Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ModuleUsage: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 () - C:\Program Files\MSN Gaming Zone\samybixe.html
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/07/24 02:18:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/09/30 00:29:56 | 00,000,047 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2f98686a-ad43-11de-a1f7-00e0188b972e}\Shell - "" = AutoRun
O33 - MountPoints2\{2f98686a-ad43-11de-a1f7-00e0188b972e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f98686a-ad43-11de-a1f7-00e0188b972e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b2badbaa-a0d3-11dc-a0e3-00e0188b972e}\Shell - "" = AutoRun
O33 - MountPoints2\{b2badbaa-a0d3-11dc-a0e3-00e0188b972e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2badbaa-a0d3-11dc-a0e3-00e0188b972e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d6cd8ed4-f2b0-11da-9f06-00e0188b972e}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{e24c65f6-9b1c-11d9-8078-00e0188b972e}\Shell\AutoRun\command - "" = G:\JDSecure\Windows\JDSecure31.exe -- File not found
O33 - MountPoints2\{fd1bc3fc-f984-11dd-a160-00e0188b972e}\Shell\AutoRun\command - "" = H:\CA_EDGEmobile.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Owner\Desktop\CAYF4HYV.
File not found -- C:\Documents and Settings\Owner\Desktop\CAL5BZ24.
[2009/11/04 19:41:25 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/04 09:39:49 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/04 09:14:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/04 09:13:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/04 09:13:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/04 09:11:05 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/03 11:19:25 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/01 16:12:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/01 16:10:12 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe
[2009/10/30 23:02:47 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe
[2009/10/27 11:22:52 | 00,000,000 | ---D | C] -- C:\SBS
[2009/10/20 11:57:34 | 00,098,656 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Owner\Desktop\g2m_download(2).exe

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Owner\Desktop\CAYF4HYV.
File not found -- C:\Documents and Settings\Owner\Desktop\CAL5BZ24.
[2009/11/04 19:50:49 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/11/04 19:50:25 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/04 19:49:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/04 19:49:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/04 10:03:08 | 09,699,328 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/04 10:03:08 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/04 09:39:53 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/04 09:14:05 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 09:11:08 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/03 17:18:50 | 00,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2009/11/03 11:20:19 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/03 11:19:25 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/03 11:11:52 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/02 18:48:41 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ed week 8.xls
[2009/11/02 18:48:35 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Esther week 8.xls
[2009/11/01 16:16:43 | 00,010,946 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\hijackthis 110109a
[2009/11/01 16:12:47 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/01 16:10:19 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe
[2009/10/30 23:07:09 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/10/30 23:04:24 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe
[2009/10/29 01:18:02 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/22 17:38:10 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ed and Esther Week 7.xls
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/21 20:09:51 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/20 11:57:40 | 00,098,656 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Owner\Desktop\g2m_download(2).exe
[2009/10/19 17:02:40 | 00,015,645 | ---- | M] () -- C:\WINDOWS\992zspy59.cpl
[2009/10/19 16:27:49 | 00,008,048 | ---- | M] () -- C:\WINDOWS\7d0downl95zer3154.cpl
[2009/10/19 11:57:10 | 00,012,580 | ---- | M] () -- C:\WINDOWS\System32\577b5zief2489.exe
[2009/10/19 06:38:39 | 00,014,284 | ---- | M] () -- C:\WINDOWS\System32\23565not-a-viruzdd9.ocx
[2009/10/19 01:28:40 | 00,008,592 | ---- | M] () -- C:\WINDOWS\7c5tz9ef907.exe
[2009/10/18 11:21:56 | 00,011,781 | ---- | M] () -- C:\WINDOWS\System32\16789zor56de.cpl
[2009/10/17 19:32:38 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ed Esther week 6.xls
[2009/10/16 02:07:18 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 18:40:52 | 00,005,165 | ---- | M] () -- C:\WINDOWS\System32\3c5dspywa5917z0.exe
[2009/10/14 12:29:53 | 00,016,324 | ---- | M] () -- C:\WINDOWS\20022n9t-a5virusze.bin
[2009/10/13 23:27:10 | 00,006,104 | ---- | M] () -- C:\WINDOWS\13266hacktzo93d25.bin
[2009/10/13 18:09:41 | 00,007,199 | ---- | M] () -- C:\WINDOWS\System32\59zdsteal3258.exe
[2009/10/11 05:35:48 | 00,009,008 | ---- | M] () -- C:\WINDOWS\5f8fst5al9z1.exe
[2009/10/10 16:55:44 | 00,007,977 | ---- | M] () -- C:\WINDOWS\System32\198zs5eal2329.cpl
[2009/10/10 08:53:28 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ed and Esther week 5.xls
[2009/10/10 08:02:57 | 00,018,357 | ---- | M] () -- C:\WINDOWS\System32\219425ir9s2z9.bin
[2009/10/07 00:34:37 | 00,003,953 | ---- | M] () -- C:\WINDOWS\725895ambotzd2.bin
[2009/10/06 16:14:10 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ed and Esther Week 4 picks.xls

========== Files Created - No Company Name ==========

[2009/11/04 09:14:05 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/03 11:20:19 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/03 11:11:47 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/01 16:16:43 | 00,010,946 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\hijackthis 110109a
[2009/11/01 16:12:47 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/10/30 18:08:04 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ed week 8.xls
[2009/10/30 17:58:44 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Esther week 8.xls
[2009/10/22 17:29:36 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ed and Esther Week 7.xls
[2009/10/19 17:02:40 | 00,015,645 | ---- | C] () -- C:\WINDOWS\992zspy59.cpl
[2009/10/19 16:27:49 | 00,008,048 | ---- | C] () -- C:\WINDOWS\7d0downl95zer3154.cpl
[2009/10/19 11:57:10 | 00,012,580 | ---- | C] () -- C:\WINDOWS\System32\577b5zief2489.exe
[2009/10/19 06:38:39 | 00,014,284 | ---- | C] () -- C:\WINDOWS\System32\23565not-a-viruzdd9.ocx
[2009/10/19 01:28:40 | 00,008,592 | ---- | C] () -- C:\WINDOWS\7c5tz9ef907.exe
[2009/10/18 11:21:56 | 00,011,781 | ---- | C] () -- C:\WINDOWS\System32\16789zor56de.cpl
[2009/10/17 10:27:55 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ed Esther week 6.xls
[2009/10/15 18:40:52 | 00,005,165 | ---- | C] () -- C:\WINDOWS\System32\3c5dspywa5917z0.exe
[2009/10/14 12:29:53 | 00,016,324 | ---- | C] () -- C:\WINDOWS\20022n9t-a5virusze.bin
[2009/10/13 23:27:10 | 00,006,104 | ---- | C] () -- C:\WINDOWS\13266hacktzo93d25.bin
[2009/10/13 18:09:41 | 00,007,199 | ---- | C] () -- C:\WINDOWS\System32\59zdsteal3258.exe
[2009/10/11 05:35:48 | 00,009,008 | ---- | C] () -- C:\WINDOWS\5f8fst5al9z1.exe
[2009/10/10 16:55:44 | 00,007,977 | ---- | C] () -- C:\WINDOWS\System32\198zs5eal2329.cpl
[2009/10/10 08:53:28 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ed and Esther week 5.xls
[2009/10/10 08:02:57 | 00,018,357 | ---- | C] () -- C:\WINDOWS\System32\219425ir9s2z9.bin
[2009/10/07 00:34:37 | 00,003,953 | ---- | C] () -- C:\WINDOWS\725895ambotzd2.bin
[2007/05/22 18:00:22 | 02,073,654 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ZBWallpaper_1.bmp
[2007/05/22 17:59:58 | 02,073,654 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ZBWallpaper.bmp
[2007/03/22 19:05:22 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/10/24 19:18:27 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\CDVPreviewEx.dll
[2006/10/09 19:26:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM.INI
[2006/08/05 17:16:05 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/08 10:59:36 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/06/26 18:43:50 | 00,010,829 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2006/06/02 12:45:16 | 00,000,090 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2006/06/02 12:45:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DettoMe.INI
[2006/06/02 12:25:30 | 00,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2006/06/02 11:27:21 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2006/05/28 10:42:17 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/05/28 09:18:22 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/08 03:00:43 | 00,002,733 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/10/19 14:15:07 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/17 07:47:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/06/14 09:26:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/05/08 10:39:35 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/05/02 07:11:21 | 00,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2005/03/31 13:53:40 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/23 09:39:07 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2005/03/23 09:39:07 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2005/03/22 22:30:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/22 18:24:42 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005/03/22 16:56:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/03/22 16:53:53 | 00,073,904 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/03/09 15:31:04 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/26 22:41:34 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/07/24 19:39:38 | 00,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2002/07/24 19:39:38 | 00,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2002/07/24 19:32:31 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/07/24 19:32:31 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/07/24 18:41:48 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/07/24 18:34:36 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/07/24 18:15:29 | 06,954,222 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2002/07/24 18:10:35 | 00,000,029 | ---- | C] () -- C:\WINDOWS\ALSndMgr.ini
[2002/07/24 17:58:11 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/07/24 17:58:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/07/24 17:57:49 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/07/24 02:29:49 | 00,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/07/24 02:29:09 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2002/07/24 02:14:33 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/07/24 02:05:50 | 00,000,663 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/07/24 02:05:41 | 00,001,062 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/07/24 02:05:38 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/07/23 19:10:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/05/22 21:44:14 | 00,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2002/05/22 21:04:26 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/05/15 05:26:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/09/01 00:33:58 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/08 15:13:22 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplaa6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mindex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdmxsdk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keep in touch with HP.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jview.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_02-b09.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jdbgmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javart.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaee.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instFunc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\installink.bat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INKED.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetdb50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inet50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfrc.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxreng.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrarb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtrk.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhsve.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhrus.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptg.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhplk.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnld.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhhun.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhheb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfrc.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfin.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxheng.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhell.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdan.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcsy.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxharb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhara.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxeud.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxdiag.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ibevnt50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xgicd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xgdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xdnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xcoin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpREG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpojwia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5500a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5400a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5300a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphsav04.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphmon04.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphipr11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphipm11.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphidr11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxdb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXAB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\faxpatch.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx3j.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wATV10nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wATV06nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wadv11nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wADV09NT.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wADV08NT.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wADV07nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wa301b.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wa301a.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Vchnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vch.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smsens.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slwdmsup.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slnthal.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slntamr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slnt7554.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SiInt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\recagent.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\PcdrNt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ntmtlfax.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netwlan5.img:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mtxparhm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mtlstrm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mtlmnt5.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mdmxsdk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfdpsp2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfcxts2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfbs2s2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\enum1394.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cxthsfs2.cty:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Ch7xxNT5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv10nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv06nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv04nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv02nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv01nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ativmc20.cod:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinxsxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinxbxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atintuxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinttxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinsnxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinrvxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinraxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinpdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinmdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinbtxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati2mtag.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati2mtaa.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1xsxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1xbxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1tuxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1ttxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1snxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1rvxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1raxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1pdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1mdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1btxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv09nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv08nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv07nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv05nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv02nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv01nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a312.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a311.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a310.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a309.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a308.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a307.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a306.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a305.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a304.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a303.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a302.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmcpl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\delphimm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cpuinf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clspack.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cc3250mt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cc3250.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\borlndmm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOCOLE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Bocof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bfc42d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bfc42.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bdeadmin.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bcbmm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Audio3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATHPRXY.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\hpsysdrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\hpsysdrv.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SynthCoreA.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\svcpack.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\spupdsvc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuperr.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setdebug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regopt.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q315403.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q315000.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q312370.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q311889.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q311842.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q309691.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q309521.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q308677.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q308676.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\pcdlib32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.isu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocmsn.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ocgen.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ntbtlog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msgsocm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\medctroc.Log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803v2.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893086.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB891781.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890923.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890859.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890175.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890047.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888302.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888113.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887742.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887472.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB886185.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885884.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885836.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885835.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885250.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873339.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873333.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB867282.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\jautoexp.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\iis6.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hphmdl11.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hpfsched.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\dla.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\corelpf.lrs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\comsetup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\cmsetacl.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ALSndMgr.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\_default.pif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\SiSSetup1.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\SiSSetup.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\Symantec AntiVirus\DefWatch.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\iTunesSetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Install_AIM.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\GoogleToolbarInstaller.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\tempdiff.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\ml2.srt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\ml1.srt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\DeadAIM.exe:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wmsetup.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\prcp.nls:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\a234.tbl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\a15.tbl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\setupapi.log.1.old:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB896428.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB896422.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB896358.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB893066.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB890046.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB883939.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\DirectX.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\Owner\ntuser.ini:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oemlogo.bmp:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oeminfo.ini:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\nvqtwk.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\nvcpl.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcp61.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LCodcCMP.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\hccutils.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\fxssend.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\DRIVERS\nv_agp.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\Dot4usb.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\drivers\Dot4scan.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\NCUNINST.EXe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Desktop\HP Memories Disc.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk:KAVICHS
< End of report >

#8 Buckeye_Sam

Posted 05 November 2009 - 08:16 AM

Download and extract this file and then run the tool.
http://downloads2.kaspersky-labs.com/utils...reamremover.zip



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/10/19 17:02:40 | 00,015,645 | ---- | C] () -- C:\WINDOWS\992zspy59.cpl
    [2009/10/19 16:27:49 | 00,008,048 | ---- | C] () -- C:\WINDOWS\7d0downl95zer3154.cpl
    [2009/10/19 11:57:10 | 00,012,580 | ---- | C] () -- C:\WINDOWS\System32\577b5zief2489.exe
    [2009/10/19 06:38:39 | 00,014,284 | ---- | C] () -- C:\WINDOWS\System32\23565not-a-viruzdd9.ocx
    [2009/10/19 01:28:40 | 00,008,592 | ---- | C] () -- C:\WINDOWS\7c5tz9ef907.exe
    [2009/10/18 11:21:56 | 00,011,781 | ---- | C] () -- C:\WINDOWS\System32\16789zor56de.cpl
    [2009/10/15 18:40:52 | 00,005,165 | ---- | C] () -- C:\WINDOWS\System32\3c5dspywa5917z0.exe
    [2009/10/14 12:29:53 | 00,016,324 | ---- | C] () -- C:\WINDOWS\20022n9t-a5virusze.bin
    [2009/10/13 23:27:10 | 00,006,104 | ---- | C] () -- C:\WINDOWS\13266hacktzo93d25.bin
    [2009/10/13 18:09:41 | 00,007,199 | ---- | C] () -- C:\WINDOWS\System32\59zdsteal3258.exe
    [2009/10/11 05:35:48 | 00,009,008 | ---- | C] () -- C:\WINDOWS\5f8fst5al9z1.exe
    [2009/10/10 16:55:44 | 00,007,977 | ---- | C] () -- C:\WINDOWS\System32\198zs5eal2329.cpl
    [2009/10/10 08:02:57 | 00,018,357 | ---- | C] () -- C:\WINDOWS\System32\219425ir9s2z9.bin
    [2009/10/07 00:34:37 | 00,003,953 | ---- | C] () -- C:\WINDOWS\725895ambotzd2.bin
    
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

========================================================

#9 epm522

Posted 05 November 2009 - 10:03 AM

Thanks. Here are the latest logs.

All processes killed
========== OTL ==========
C:\WINDOWS\992zspy59.cpl moved successfully.
C:\WINDOWS\7d0downl95zer3154.cpl moved successfully.
C:\WINDOWS\system32\577b5zief2489.exe moved successfully.
C:\WINDOWS\system32\23565not-a-viruzdd9.ocx moved successfully.
C:\WINDOWS\7c5tz9ef907.exe moved successfully.
C:\WINDOWS\system32\16789zor56de.cpl moved successfully.
C:\WINDOWS\system32\3c5dspywa5917z0.exe moved successfully.
C:\WINDOWS\20022n9t-a5virusze.bin moved successfully.
C:\WINDOWS\13266hacktzo93d25.bin moved successfully.
C:\WINDOWS\system32\59zdsteal3258.exe moved successfully.
C:\WINDOWS\5f8fst5al9z1.exe moved successfully.
C:\WINDOWS\system32\198zs5eal2329.cpl moved successfully.
C:\WINDOWS\system32\219425ir9s2z9.bin moved successfully.
C:\WINDOWS\725895ambotzd2.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 270 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85907222 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.04 mb


OTL by OldTimer - Version 3.1.3.3 log created on 11052009_093932

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 11/5/2009 9:47:49 AM - Run 3
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.52 Mb Total Physical Memory | 98.78 Mb Available Physical Memory | 19.35% Memory free
1.22 Gb Paging File | 0.70 Gb Available in Paging File | 57.36% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.50 Gb Total Space | 56.36 Gb Free Space | 81.10% Space Free | Partition Type: NTFS
Drive D: | 5.02 Gb Total Space | 0.98 Gb Free Space | 19.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 38.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GJC136
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/04 09:39:53 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/29 08:42:07 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 12:25:22 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/14 04:42:30 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 17:16:42 | 00,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/05/09 19:24:16 | 00,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1150114990\EE\aolsoftware.exe
PRC - [2006/02/23 14:45:20 | 00,278,528 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/02/23 14:45:06 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/03/30 00:35:55 | 00,040,960 | ---- | M] (Northcode Inc.) -- C:\WINDOWS\NCLAUNCH.EXe
PRC - [2004/10/18 16:42:18 | 00,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 00,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/03/12 14:18:32 | 00,124,128 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/03/12 14:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/03/12 14:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/02/18 12:55:28 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2003/12/22 07:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/04/06 00:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/05 23:55:04 | 00,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/05 23:45:10 | 00,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/05 23:37:10 | 00,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2003/03/09 15:31:02 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/03/09 15:30:52 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
PRC - [2002/10/06 23:23:20 | 00,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/07/16 10:03:00 | 00,106,549 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2002/05/15 05:29:02 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2002/05/15 05:20:50 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2001/07/06 23:56:56 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\KBD.EXE
PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/11/04 09:39:53 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/14 04:42:52 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 04:42:02 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/14 04:41:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2007/04/19 13:21:40 | 00,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2001/10/04 16:50:08 | 00,040,820 | ---- | M] (SoundMAX) -- C:\WINDOWS\system32\Syncor11.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AOL ACS)
SRV - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)
SRV - [2008/04/14 04:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/04/03 17:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/02/23 14:45:06 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/03/12 14:18:06 | 00,169,192 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/03/12 14:17:46 | 01,221,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/03/12 14:17:10 | 00,029,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/09 15:31:02 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/05/03 19:06:00 | 00,061,440 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 04:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091104.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/11/04 04:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091104.009\NAVENG.SYS -- (NAVENG)
DRV - [2008/04/15 03:00:00 | 00,385,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 22:05:40 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2008/04/13 21:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/22 11:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 11:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/10/03 12:21:48 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/03 12:21:46 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/03 12:21:46 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/06/12 07:24:48 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/07/04 07:52:50 | 00,018,432 | ---- | M] (First 4 Internet) -- C:\WINDOWS\System32\Drivers\$sys$cor.sys -- ($sys$cor)
DRV - [2005/07/04 05:51:37 | 00,011,904 | ---- | M] (First 4 Internet) -- C:\WINDOWS\system32\$sys$filesystem\crater.sys -- ($sys$crater)
DRV - [2005/03/07 10:52:48 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/05/13 13:50:12 | 00,015,576 | R--- | M] () -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2004/03/04 22:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 14:43:56 | 00,301,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 14:43:56 | 00,037,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/03/31 14:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/03/31 06:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2003/03/31 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/09 15:31:02 | 00,021,456 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 15:31:02 | 00,016,080 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 15:31:00 | 00,051,024 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/01/10 15:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/10/01 08:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/07/16 10:03:00 | 00,095,125 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2002/07/16 10:03:00 | 00,091,156 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2002/07/16 10:03:00 | 00,054,900 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2002/07/16 10:03:00 | 00,034,805 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2002/07/16 10:03:00 | 00,023,701 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2002/07/16 10:03:00 | 00,014,421 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2002/07/16 10:03:00 | 00,006,325 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2002/07/16 10:03:00 | 00,004,117 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2002/07/16 10:03:00 | 00,002,201 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2002/07/13 06:27:04 | 00,155,008 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2002/06/19 18:43:44 | 00,005,589 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2002/06/19 18:42:58 | 00,022,995 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2002/06/06 11:56:00 | 00,040,368 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/06/05 12:21:00 | 00,081,552 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2002/05/22 21:44:06 | 00,069,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91})
DRV - [2002/05/22 21:43:56 | 00,090,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E})
DRV - [2002/05/22 21:42:54 | 00,078,045 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2002/05/07 13:39:00 | 00,493,896 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/05/03 19:06:00 | 00,931,882 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/04/09 00:44:56 | 00,188,032 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/03/23 01:14:52 | 00,095,936 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/12/27 05:52:58 | 00,027,136 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2001/12/07 23:26:00 | 00,013,502 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/17 14:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)
DRV - [2001/08/17 13:53:32 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2001/08/08 15:13:36 | 00,158,140 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 15:13:30 | 00,012,479 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 15:13:30 | 00,012,031 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 15:13:30 | 00,011,679 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 15:13:28 | 00,019,359 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 15:13:28 | 00,011,999 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 15:13:26 | 00,033,503 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 15:13:24 | 00,029,215 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 15:13:24 | 00,023,519 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 15:13:24 | 00,019,199 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/04 16:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 08:42:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 08:42:16 | 00,000,000 | ---D | M]

[2009/01/24 13:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/01/24 13:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/24 13:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\we0yh8y9.default\extensions
[2009/01/24 13:47:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 08:42:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/29 08:42:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 08:42:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/29 08:42:10 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/06/25 12:37:05 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/06/25 12:37:05 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/25 12:37:05 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/06/25 12:37:05 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/06/25 12:37:05 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/06/25 12:37:05 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/06/25 12:37:05 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (348919 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11964 more lines...
O2 - BHO: (no name) - {4dae4f67-4cc3-4bfd-be7d-dac28d822cfd} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150114990\EE\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe (America Online, Inc.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe (Northcode Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1238116034421 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax3913.cab (MsnMusicAx Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ModuleUsage: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 () - C:\Program Files\MSN Gaming Zone\samybixe.html
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/07/24 02:18:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/09/30 00:29:56 | 00,000,047 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2f98686a-ad43-11de-a1f7-00e0188b972e}\Shell - "" = AutoRun
O33 - MountPoints2\{2f98686a-ad43-11de-a1f7-00e0188b972e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f98686a-ad43-11de-a1f7-00e0188b972e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b2badbaa-a0d3-11dc-a0e3-00e0188b972e}\Shell - "" = AutoRun
O33 - MountPoints2\{b2badbaa-a0d3-11dc-a0e3-00e0188b972e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2badbaa-a0d3-11dc-a0e3-00e0188b972e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d6cd8ed4-f2b0-11da-9f06-00e0188b972e}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{e24c65f6-9b1c-11d9-8078-00e0188b972e}\Shell\AutoRun\command - "" = G:\JDSecure\Windows\JDSecure31.exe -- File not found
O33 - MountPoints2\{fd1bc3fc-f984-11dd-a160-00e0188b972e}\Shell\AutoRun\command - "" = H:\CA_EDGEmobile.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Owner\Desktop\CAYF4HYV.
File not found -- C:\Documents and Settings\Owner\Desktop\CAL5BZ24.
[2009/11/04 19:41:25 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/04 09:39:49 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/04 09:14:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/04 09:13:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/04 09:13:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/04 09:11:05 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/03 11:19:25 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/01 16:12:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/01 16:10:12 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe
[2009/10/30 23:02:47 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe
[2009/10/27 11:22:52 | 00,000,000 | ---D | C] -- C:\SBS
[2009/10/20 11:57:34 | 00,098,656 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Owner\Desktop\g2m_download(2).exe

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Owner\Desktop\CAYF4HYV.
File not found -- C:\Documents and Settings\Owner\Desktop\CAL5BZ24.
[2009/11/05 09:44:07 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/11/05 09:43:21 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/05 09:42:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/05 09:41:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/05 09:40:51 | 09,699,328 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/05 09:40:25 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/04 09:39:53 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/04 09:14:05 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 09:11:08 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/03 17:18:50 | 00,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2009/11/03 11:20:19 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/03 11:19:25 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/03 11:11:52 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/02 18:48:41 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ed week 8.xls
[2009/11/02 18:48:35 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Esther week 8.xls
[2009/11/01 16:16:43 | 00,010,946 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\hijackthis 110109a
[2009/11/01 16:12:47 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/01 16:10:19 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTInstall.exe
[2009/10/30 23:07:09 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/10/30 23:04:24 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\setup-spybotsd162.exe
[2009/10/29 01:18:02 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/22 17:38:10 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ed and Esther Week 7.xls
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/21 20:09:51 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/20 11:57:40 | 00,098,656 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Owner\Desktop\g2m_download(2).exe
[2009/10/17 19:32:38 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ed Esther week 6.xls
[2009/10/16 02:07:18 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/10 08:53:28 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ed and Esther week 5.xls
[2009/10/06 16:14:10 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ed and Esther Week 4 picks.xls

========== Files Created - No Company Name ==========

[2009/11/04 09:14:05 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/03 11:20:19 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/03 11:11:47 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/01 16:16:43 | 00,010,946 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\hijackthis 110109a
[2009/11/01 16:12:47 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/10/30 18:08:04 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ed week 8.xls
[2009/10/30 17:58:44 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Esther week 8.xls
[2009/10/22 17:29:36 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ed and Esther Week 7.xls
[2009/10/17 10:27:55 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ed Esther week 6.xls
[2009/10/10 08:53:28 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ed and Esther week 5.xls
[2007/05/22 18:00:22 | 02,073,654 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ZBWallpaper_1.bmp
[2007/05/22 17:59:58 | 02,073,654 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ZBWallpaper.bmp
[2007/03/22 19:05:22 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/10/24 19:18:27 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\CDVPreviewEx.dll
[2006/10/09 19:26:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM.INI
[2006/08/05 17:16:05 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/08 10:59:36 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/06/26 18:43:50 | 00,010,829 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2006/06/02 12:45:16 | 00,000,090 | ---- | C] () -- C:\WINDOWS\USBBC.ini
[2006/06/02 12:45:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DettoMe.INI
[2006/06/02 12:25:30 | 00,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2006/06/02 11:27:21 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2006/05/28 10:42:17 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/05/28 09:18:22 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/08 03:00:43 | 00,002,733 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/10/19 14:15:07 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/17 07:47:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/06/14 09:26:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/05/08 10:39:35 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/05/02 07:11:21 | 00,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2005/03/31 13:53:40 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/23 09:39:07 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2005/03/23 09:39:07 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2005/03/22 22:30:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/22 18:24:42 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2005/03/22 16:56:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/03/22 16:53:53 | 00,073,904 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/03/09 15:31:04 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/26 22:41:34 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/07/24 19:39:38 | 00,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2002/07/24 19:39:38 | 00,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2002/07/24 19:32:31 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/07/24 19:32:31 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/07/24 18:41:48 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/07/24 18:34:36 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/07/24 18:15:29 | 06,954,222 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2002/07/24 18:10:35 | 00,000,029 | ---- | C] () -- C:\WINDOWS\ALSndMgr.ini
[2002/07/24 17:58:11 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/07/24 17:58:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/07/24 17:57:49 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/07/24 02:29:49 | 00,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/07/24 02:29:09 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2002/07/24 02:14:33 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/07/24 02:05:50 | 00,000,663 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/07/24 02:05:41 | 00,001,062 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/07/24 02:05:38 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/07/23 19:10:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/05/22 21:44:14 | 00,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2002/05/22 21:04:26 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/05/15 05:26:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/09/01 00:33:58 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/08 15:13:22 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\S3uninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\S3Ovrlay.cfg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\S3Info2.cfg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\s3gnb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\S3Gamma2.cfg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\S3Disply.cfg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\runclose.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDBios32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qrpt50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PythonCOM22.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\python22.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ps2.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ps2.bat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcdr_cs.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PCDLIB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OUTLPERF.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OUTLPERF.H:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\omano.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrszht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrszhc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrstr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrssk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsptb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrspt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsnl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsko.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsja.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrshu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrshe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrses.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrseng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrscs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvwrsar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvtuicpl.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvshell.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrszht.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrszhc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrstr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrssk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsptb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrspt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsnl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsko.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsja.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrshu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrshe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrses.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrseng.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsde.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrscs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvrsar.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvoglnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nvinstnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nview.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nv4_disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nv4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmfast50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbicdnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NavLogon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswinsck.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msuni11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msssc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msjdbc10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisam11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msawt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplvw7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplvpx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplvm6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplva6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplaw7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplapx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplam6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mplaa6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mindex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdmxsdk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPISRVR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keep in touch with HP.htm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jview.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_02-b09.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jdbgmgr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javart.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javaee.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instFunc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\installink.bat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\INKED.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetdb50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inet50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfrc.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxreng.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrarb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtrk.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhsve.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhrus.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptg.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhplk.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnld.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhhun.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhheb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfrc.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfin.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxheng.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhell.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdan.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcsy.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxharb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhara.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxeud.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxdiag.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ibevnt50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xgicd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xgdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xdnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\i81xcoin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpREG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpojwia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5500a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5400a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpo5300a.aio:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphsav04.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphmon04.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphipr11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphipm11.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hphidr11.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxdb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FXAB32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\faxpatch.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dx3j.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wATV10nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wATV06nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wadv11nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wADV09NT.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wADV08NT.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wADV07nt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wa301b.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wa301a.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Vchnt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vch.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smsens.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slwdmsup.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slnthal.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slntamr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\slnt7554.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SiInt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\recagent.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\PcdrNt.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ntmtlfax.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netwlan5.img:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mtxparhm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mtlstrm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mtlmnt5.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mdmxsdk.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfdpsp2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfcxts2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\hsfbs2s2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\enum1394.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cxthsfs2.cty:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Ch7xxNT5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv10nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv06nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv04nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv02nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atv01nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ativmc20.cod:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinxsxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinxbxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atintuxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinttxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinsnxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinrvxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinraxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinpdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinmdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atinbtxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati2mtag.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati2mtaa.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1xsxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1xbxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1tuxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1ttxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1snxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1rvxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1raxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1pdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1mdxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ati1btxx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv09nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv08nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv07nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv05nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv02nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\adv01nt5.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a312.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a311.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a310.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a309.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a308.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a307.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a306.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a305.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a304.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a303.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\a302.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmcpl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\delphimm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cpuinf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CONFIG.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clspack.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cc3250mt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cc3250.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\borlndmm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\BOCOLE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Bocof.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bfc42d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bfc42.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bdeadmin.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bcbmm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Audio3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ATHPRXY.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\hpsysdrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\hpsysdrv.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SynthCoreA.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\svcpack.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\spupdsvc.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setuperr.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupapi.log.0.old:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setupact.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\setdebug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regopt.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q315403.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q315000.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q312370.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q311889.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q311842.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q309691.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Q309521.log:KAVICHS
< End of report >

#10 epm522

epm522
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:35 PM

Posted 05 November 2009 - 10:10 AM

I just realized I forgot to run the Kaspersky piece before running the fix and the OTL. I have since downloaded it and run the program.

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:35 PM

Posted 05 November 2009 - 06:43 PM

How is your computer behaving now?

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 epm522

epm522
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:35 PM

Posted 05 November 2009 - 06:52 PM

I'll run that one later tonight. So far I don't see any more pop-ups for Block Watcher and overall it seems to run fine. Friends have recommended AVG for security. What is your opinion?

Thanks

Ed

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:35 PM

Posted 05 November 2009 - 07:18 PM

AVG is good, but the latest versions seem to use a lot of resources, which potentially could slow your computer's performance. I've actually found Avast to be a better option right now.



